Opened 3 years ago

Last modified 2 years ago

#8385 open defect

libavformat/aviobuf: A part of conditional expression is always true: whence != 2

Reported by: Balling
Owned by:
Priority: normal
Component: avformat
Version: git-master
Keywords:
Cc:
Blocked By:
Blocking:
Reproduced by developer: no
Analyzed by developer: no

Description

If you look here https://github.com/FFmpeg/FFmpeg/blob/b741a84a15aed8afa01800dbc4b8b0e344e5d2da/libavformat/aviobuf.c#L297 you will see that on line 265 we would have already returned if whence were SEEK_END (2). It is not changed in between.

This change was done in commit: https://github.com/FFmpeg/FFmpeg/commit/7a6fe01f99cb95797ba59134f44b6666b1a5e792

whence != SEEK_END is always true, so short circuiting and force will not be checked.
Also see #8156 https://trac.ffmpeg.org/attachment/ticket/8156/project2019.tasks

Dunno how to fix it.

The code is like this:

    if (whence != SEEK_CUR && whence != SEEK_SET)
        return AVERROR(EINVAL);

    if (whence == SEEK_CUR) {
        offset1 = pos + (s->buf_ptr - s->buffer);
        if (offset == 0)
            return offset1;
        if (offset > INT64_MAX - offset1)
            return AVERROR(EINVAL);
        offset += offset1;
    }
    if (offset < 0)
        return AVERROR(EINVAL);

    if (s->short_seek_get) {
        short_seek = s->short_seek_get(s->opaque);
        /* fallback to default short seek */
        if (short_seek <= 0)
            short_seek = s->short_seek_threshold;
    } else
        short_seek = s->short_seek_threshold;

    offset1 = offset - pos; // "offset1" is the relative offset from the beginning of s->buffer
    s->buf_ptr_max = FFMAX(s->buf_ptr_max, s->buf_ptr);
    if ((!s->direct || !s->seek) &&
        offset1 >= 0 && offset1 <= (s->write_flag ? s->buf_ptr_max - s->buffer : buffer_size)) {
        /* can do the seek inside the buffer */
        s->buf_ptr = s->buffer + offset1;
    } else if ((!(s->seekable & AVIO_SEEKABLE_NORMAL) ||
               offset1 <= buffer_size + short_seek) &&
               !s->write_flag && offset1 >= 0 &&
               (!s->direct || !s->seek) &&
              (whence != SEEK_END || force)) {
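
The report can be checked by sweeping a reduced model of the quoted branch logic with and without the last term. This is an added example, not part of the ticket or of FFmpeg's code; `struct model`, `pick`, `sweep` and the sample sizes and offsets are constructed assumptions, and `used` stands in for both `s->buf_ptr - s->buffer` and `s->buf_ptr_max - s->buffer`.

```c
#include <stdint.h>
#include <stdio.h>                      /* SEEK_SET, SEEK_CUR, SEEK_END */

enum branch { REJECTED, TELL, IN_BUFFER, READ_FORWARD, OTHER };
/* Reduced model (assumption); direct stands for "s->direct && s->seek". */
struct model { int64_t pos, used, buffer_size, short_seek;
               int seekable, write_flag, direct; };

/* Branch choice of the quoted excerpt; keep_term == 0 drops the last term. */
static enum branch pick(const struct model *s, int64_t offset,
                        int whence, int force, int keep_term)
{
    if (whence != SEEK_CUR && whence != SEEK_SET) return REJECTED; /* SEEK_END stops here */
    if (whence == SEEK_CUR) {
        int64_t cur = s->pos + s->used;
        if (offset == 0) return TELL;
        if (offset > INT64_MAX - cur) return REJECTED;
        offset += cur;
    }
    if (offset < 0) return REJECTED;
    int64_t offset1 = offset - s->pos;
    if (!s->direct && offset1 >= 0 &&
        offset1 <= (s->write_flag ? s->used : s->buffer_size))
        return IN_BUFFER;
    if ((!s->seekable || offset1 <= s->buffer_size + s->short_seek) &&
        !s->write_flag && offset1 >= 0 && !s->direct &&
        (!keep_term || whence != SEEK_END || force))
        return READ_FORWARD;
    return OTHER;
}

/* what 0: results changed by dropping the term, 1: results changed by
 * flipping force, 2: inputs that reach READ_FORWARD (constructed sweep). */
static int sweep(int what)
{
    static const int whences[] = { SEEK_SET, SEEK_CUR, SEEK_END };
    static const int64_t offsets[] = { -1, 0, 10, 5000, 40000, 1000000 };
    int n = 0;
    for (int bits = 0; bits < 8; bits++)
        for (int i = 0; i < 18; i++) {
            struct model s = { 4096, 100, 32768, 1024, bits & 1, bits & 2, bits & 4 };
            int w = whences[i / 6]; int64_t off = offsets[i % 6];
            enum branch quoted = pick(&s, off, w, 0, 1);
            n += what == 0 ? quoted != pick(&s, off, w, 0, 0)
               : what == 1 ? quoted != pick(&s, off, w, 1, 1) : quoted == READ_FORWARD;
        }
    return n;
}

int main(void) { printf("%d %d %d\n", sweep(0), sweep(1), sweep(2)); return 0; }
```

The first two numbers printed are 0: neither dropping the term nor flipping `force` changes any outcome in the sweep. The third is non-zero, so the branch that carries the term is itself reachable.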

Change History (1)

comment:1 by Balling, 2 years ago

Status: new → open

Maybe you will fix this?))
