@mkver mkver commented Jul 11, 2025

The main aim of this patchset is to fix ticket 11233.

mkver added 4 commits July 11, 2025 22:58
Otherwise it might be > buf_ptr in which case ffio_get_checksum()
could segfault (s->buf_ptr - s->checksum_ptr would be negative
which would be converted to something very big when converted
to unsigned for the update_checksum callback).

Fixes ticket #11233.

Reported-by: Du4t
Signed-off-by: Andreas Rheinhardt <[email protected]>

The behavior of the ffio_*_checksum feature is not well defined
when using avio_skip(). The code in oggdec.c relied on the skipped
data (four bytes) to be checksummed, which is mostly true
because short_seek_threshold is 32768 by default, so that
avio_seek() will normally read data instead of calling the
underlying seek function. Yet this has two problems:

a) It relies on implementation details of avio_seek().
b) There is an exception, namely if the AVIO_FLAG_DIRECT is set.
In this case the underlying seek function (if set) is always
called and the data is skipped, leading to CRC errors.

So don't skip the data.

Signed-off-by: Andreas Rheinhardt <[email protected]>

This is unlikely to matter for real files.

Signed-off-by: Andreas Rheinhardt <[email protected]>
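
The failure mode described in the first commit message, modelled as an added example (not FFmpeg code and not the actual patch). Only `buf_ptr` and `checksum_ptr` are names from the page; the `Reader` struct, the seek helpers and the clamp in `seek_consistent` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: only buf_ptr and checksum_ptr are names from the page. */
typedef struct Reader {
    uint8_t  buf[16];
    uint8_t *buf_ptr;       /* current read position */
    uint8_t *checksum_ptr;  /* first byte not yet checksummed */
} Reader;

/* Length as a callback taking an unsigned size would receive it. */
static unsigned int pending_len(const Reader *r)
{
    return (unsigned int)(r->buf_ptr - r->checksum_ptr);
}

/* Pattern from the commit message: the seek moves buf_ptr only. */
static void seek_unchecked(Reader *r, size_t pos)
{
    r->buf_ptr = r->buf + pos;
}

/* Assumed remedy: restore checksum_ptr <= buf_ptr after every seek. */
static void seek_consistent(Reader *r, size_t pos)
{
    r->buf_ptr = r->buf + pos;
    if (r->checksum_ptr > r->buf_ptr)
        r->checksum_ptr = r->buf_ptr;
}

/* Start checksumming at offset 12, seek back to 4, report the length. */
static unsigned int len_after_backward_seek(void (*seek)(Reader *, size_t))
{
    Reader r = { {0}, NULL, NULL };
    r.buf_ptr = r.checksum_ptr = r.buf + 12;
    seek(&r, 4);
    return pending_len(&r);
}

int main(void)
{
    printf("unchecked:  %u bytes\n", len_after_backward_seek(seek_unchecked));
    printf("consistent: %u bytes\n", len_after_backward_seek(seek_consistent));
    return 0;
}
```

With the unchecked seek the 16-byte buffer yields a length near `UINT_MAX`, which is the out-of-bounds read the commit message describes; with the invariant restored the length is 0.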

mkver commented Jul 11, 2025

/submit

@ffmpeg-codebot

Submitted as [email protected]

To fetch this version into FETCH_HEAD:

git fetch https://github.com/ffstaging/FFmpeg pr-ffstaging-108/mkver/crc_crash-v1

To fetch this version to local tag pr-ffstaging-108/mkver/crc_crash-v1:

git fetch --no-tags https://github.com/ffstaging/FFmpeg tag pr-ffstaging-108/mkver/crc_crash-v1

@ffmpeg-codebot

On the FFmpeg mailing list, Andreas Rheinhardt wrote (reply to this):

ffmpegagent:
> The main aim of this patchset is to fix ticket 11233.
> 
> Andreas Rheinhardt (4):
>   avformat/aviobuf: Keep checksum_ptr consistent in avio_seek()
>   avformat/oggdec: Don't skip over data whose checksum is used
>   avformat/tta: Avoid seek when reading header
>   avformat/takdec: Don't truncate return value
> 
>  libavformat/aviobuf.c |  2 +-
>  libavformat/oggdec.c  |  2 +-
>  libavformat/takdec.c  |  9 +++++----
>  libavformat/tta.c     | 41 +++++++++++++++++++----------------------
>  4 files changed, 26 insertions(+), 28 deletions(-)
> 
> 
> base-commit: 3ce348063c9433e33a5cb1ac79ac1efa37c21621
> Published-As: https://github.com/ffstaging/FFmpeg/releases/tag/pr-ffstaging-108%2Fmkver%2Fcrc_crash-v1
> Fetch-It-Via: git fetch https://github.com/ffstaging/FFmpeg pr-ffstaging-108/mkver/crc_crash-v1
> Pull-Request: https://github.com/ffstaging/FFmpeg/pull/108

Will apply this patchset tomorrow unless there are objections.

- Andreas
