Fix long-running loop in QuickTimeVideo::sampleDesc #2424

Merged: 3 commits, Nov 27, 2022

kevinbackhouse
Collaborator

Fixes: #2423

The most important change here is to add a break to the loop in QuickTimeVideo::sampleDesc. The second important change is to make sure that all the private fields of QuickTimeVideo are initialized. I also did some cleanup of the types of some of the local variables.

@kevinbackhouse kevinbackhouse added bug OSS-Fuzz Bug reported by https://google.github.io/oss-fuzz/ labels Nov 20, 2022
piponazo
piponazo previously approved these changes Nov 20, 2022
Collaborator

@piponazo piponazo left a comment

Feel free to do something about the comment I have made or not, it is just a suggestion. Everything else looks good!

io_->readOrThrow(buf.data(), 4);
temp = buf.read_uint32(0, bigEndian);
const uint64_t temp = buf.read_uint32(0, bigEndian);
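
Review bot: the changed line `const uint64_t temp = buf.read_uint32(0, bigEndian);` stores a 32-bit read in a 64-bit variable without saying why, and the name `temp` gives no hint either. A one-line comment stating that the widening exists so the product with the next 32-bit read is computed in 64 bits, or a more descriptive variable name, would keep a later cleanup from narrowing it back to `uint32_t`.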
Collaborator

Does it make sense to treat the variable temp as uint64_t when we are reading a uint32_t here? Since we are talking about frames in a video, I doubt we will ever need to process such a large video to need uint64_t for the totalFrames :)

Collaborator Author

I did that because of the multiplication two lines later:

timeOfFrames += temp * buf.read_uint32(0, bigEndian);

If temp is a uint64_t then the multiplication can't overflow. (Probably not a big deal if it does overflow, but I figure we might as well avoid it.)

Collaborator

Would it make sense to use here some of the SafeXXX operations then to throw in case of overflow?

Collaborator Author

Unfortunately, we don't currently have a Safe::multiply. But I think it makes sense to replace this += with a Safe::add, which will make this code safe. I'll add a follow-up commit.
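
The overflow reasoning in this review thread, as an added example that is not part of the pull request or Exiv2's code: a 32-bit product wraps silently, the widened product is exact, and the running sum still needs a checked add. `checked_add`, the `Entry` type, the function names and the sample values are assumptions made for the illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <stdexcept>
#include <utility>
#include <vector>

// Hypothetical stand-in for an overflow-checked add; not Exiv2's Safe::add.
uint64_t checked_add(uint64_t a, uint64_t b) {
  if (a > std::numeric_limits<uint64_t>::max() - b)
    throw std::overflow_error("sum does not fit in uint64_t");
  return a + b;
}

// (frame count, duration per frame), each a 32-bit field as read from the file.
using Entry = std::pair<uint32_t, uint32_t>;

// Constructed sample inputs, not taken from any real file.
const std::vector<Entry> kWrapSample = {{0x10000u, 0x10000u}};
const std::vector<Entry> kHugeSample = {{0xFFFFFFFFu, 0xFFFFFFFFu},
                                        {0xFFFFFFFFu, 0xFFFFFFFFu}};

// 32-bit product: reduced modulo 2^32 before it reaches the accumulator.
uint64_t total_time_narrow(const std::vector<Entry>& entries) {
  uint64_t total = 0;
  for (const Entry& e : entries)
    total += static_cast<uint32_t>(e.first * e.second);  // wraps silently
  return total;
}

// Widened product: (2^32-1)^2 < 2^64, so it is exact; only the sum can overflow.
uint64_t total_time_wide(const std::vector<Entry>& entries) {
  uint64_t total = 0;
  for (const Entry& e : entries) {
    const uint64_t count = e.first;  // widen before multiplying
    total = checked_add(total, count * e.second);
  }
  return total;
}

// True when the checked accumulation rejects the input instead of wrapping.
bool sum_overflows(const std::vector<Entry>& entries) {
  try { total_time_wide(entries); } catch (const std::overflow_error&) { return true; }
  return false;
}

int main() {
  std::cout << total_time_narrow(kWrapSample) << ' ' << total_time_wide(kWrapSample) << '\n';
}
```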

@codecov

codecov bot commented Nov 20, 2022

Codecov Report

Merging #2424 (9d044d3) into main (861625c) will increase coverage by 0.00%.
The diff coverage is 85.71%.

@@           Coverage Diff           @@
##             main    #2424   +/-   ##
=======================================
  Coverage   64.54%   64.54%           
=======================================
  Files         119      119           
  Lines       21112    21114    +2     
  Branches    10420    10421    +1     
=======================================
+ Hits        13626    13629    +3     
  Misses       5324     5324           
+ Partials     2162     2161    -1     
Impacted Files Coverage Δ
src/quicktimevideo.cpp 59.08% <85.71%> (+0.21%) ⬆️


@hassec
Member

hassec commented Nov 20, 2022

@kevinbackhouse looks like conan-io/conan-center-index#14259 caused the conan problem here.

removing:

exiv2/conanfile.py

Lines 36 to 37 in cf15cc5

if self.settings.build_type == "Debug":
    self.options['gtest'].debug_postfix = ''

should do the trick

@piponazo
Collaborator

@kevinbackhouse looks like conan-io/conan-center-index#14259 caused the conan problem here.

removing:

exiv2/conanfile.py

Lines 36 to 37 in cf15cc5

if self.settings.build_type == "Debug":
    self.options['gtest'].debug_postfix = ''

should do the trick

😱 ! I'll take a look at this issue

@mergify mergify bot dismissed piponazo’s stale review November 21, 2022 10:51

Pull request has been modified.

piponazo
piponazo previously approved these changes Nov 21, 2022
@piponazo
Collaborator

When you rebase this branch on top of master, the failing CI jobs should turn green (Except for the cygwin one 🙈 )

@kevinbackhouse
Collaborator Author

Is this one ok to merge?

@hassec hassec removed their request for review November 27, 2022 13:31
@kevinbackhouse kevinbackhouse merged commit dcc203b into Exiv2:main Nov 27, 2022
@kevinbackhouse kevinbackhouse deleted the fix-issue-2423 branch November 27, 2022 13:52
Successfully merging this pull request may close these issues.

Long-running loop in QuickTimeVideo::sampleDesc