From: Andre Noll Date: Wed, 29 Jun 2022 11:38:02 +0000 (+0200) Subject: mp4: Don't abort on truncated files. X-Git-Tag: v0.7.1~7^2 X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=7944326236f20f9ecccfe6ed0e471d665aba0123;p=paraslash.git mp4: Don't abort on truncated files. If the source file got truncated it may happen that a chunk cannot be read because the computed file offset is beyond EOF. Currently, aac_afh_get_chunk() aborts in this case because we assert that the file offset is within range. Return a proper error code instead and also change aac_get_file_info() to bail out if aac_afh_get_chunk() returns negative. --- diff --git a/aac_afh.c b/aac_afh.c index 7be441ab..79fa30dd 100644 --- a/aac_afh.c +++ b/aac_afh.c @@ -101,7 +101,8 @@ static int aac_afh_get_chunk(uint32_t chunk_num, void *afh_context, ret = mp4_get_sample_size(c->mp4, chunk_num, &ss); if (ret < 0) return ret; - assert(ss + offset <= c->mapsize); + if (ss + offset > c->mapsize) /* file got truncated?! */ + return -E_MP4_CORRUPT; *buf = c->map + offset; *len = ss; return 1; @@ -141,18 +142,21 @@ static int aac_get_file_info(char *map, size_t numbytes, __a_unused int fd, afhi->max_chunk_size = 0; for (n = 0; n < afhi->chunks_total; n++) { - if (aac_afh_get_chunk(n, c, &buf, &len) < 0) - break; + ret = aac_afh_get_chunk(n, c, &buf, &len); + if (ret < 0) + goto out; afhi->max_chunk_size = PARA_MAX(afhi->max_chunk_size, len); } milliseconds = mp4_get_duration(c->mp4); afhi->seconds_total = milliseconds / 1000; ms2tv(milliseconds / afhi->chunks_total, &afhi->chunk_tv); - if (aac_afh_get_chunk(0, c, &buf, &len) >= 0) - numbytes -= buf - map; + if (aac_afh_get_chunk(0, c, &buf, &len) < 0) + goto out; + numbytes -= buf - map; afhi->bitrate = 8 * numbytes / afhi->seconds_total / 1000; aac_afh_get_taginfo(c->mp4, &afhi->tags); ret = 1; +out: aac_afh_close(c); return ret; }