fix: underflow due to sub_segment data (#63)

Author: blahspam

.golangci.yaml

@@ -6,6 +6,9 @@ run:
 linters-settings:
   errcheck:
     check-type-assertions: true
+  gosec:
+    excludes:
+      - G115
 
 linters:
   enable:
@@ -17,7 +20,6 @@ linters:
     - errname
     - errorlint
     - exhaustive
-    - exportloopref
     - gci
     - gochecknoinits
     - gocritic

go.mod

@@ -8,15 +8,15 @@ require (
 	github.com/bamiaux/iobit v0.0.0-20170418073505-498159a04883
 	github.com/spf13/cobra v1.8.1
 	github.com/stretchr/testify v1.9.0
-	golang.org/x/text v0.16.0
+	golang.org/x/text v0.22.0
 )
 
 require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/kr/pretty v0.1.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/spf13/pflag v1.0.6 // indirect
 	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -15,12 +15,13 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM=
 github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y=
-github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
+github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
 github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4=
-golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

pkg/scte35/scte35_test.go

@@ -53,7 +53,7 @@ func TestDecodeBase64(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x072bd0050),
+						PTSTime: ptr(uint64(0x072bd0050)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -65,7 +65,7 @@ func TestDecodeBase64(t *testing.T) {
 						},
 						SegmentationEventID:  uint32(0x4800008e),
 						SegmentationTypeID:   scte35.SegmentationTypeProviderPOStart,
-						SegmentationDuration: uint64ptr(0x0001a599b0),
+						SegmentationDuration: ptr(uint64(0x0001a599b0)),
 						SegmentationUPIDs: []scte35.SegmentationUPID{
 							scte35.NewSegmentationUPID(scte35.SegmentationUPIDTypeTI, toBytes(0x000000002ca0a18a)),
 						},
@@ -89,7 +89,7 @@ func TestDecodeBase64(t *testing.T) {
 					OutOfNetworkIndicator: true,
 					Program: &scte35.SpliceInsertProgram{
 						SpliceTime: scte35.SpliceTime{
-							PTSTime: uint64ptr(0x07369c02e),
+							PTSTime: ptr(uint64(0x07369c02e)),
 						},
 					},
 				},
@@ -108,7 +108,7 @@ func TestDecodeBase64(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x0746290a0),
+						PTSTime: ptr(uint64(0x0746290a0)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -137,7 +137,7 @@ func TestDecodeBase64(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x07a4d88b6),
+						PTSTime: ptr(uint64(0x07a4d88b6)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -178,7 +178,7 @@ func TestDecodeBase64(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x0aebfff64),
+						PTSTime: ptr(uint64(0x0aebfff64)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -206,7 +206,7 @@ func TestDecodeBase64(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x0932e380b),
+						PTSTime: ptr(uint64(0x0932e380b)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -247,7 +247,7 @@ func TestDecodeBase64(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x0aef17c4c),
+						PTSTime: ptr(uint64(0x0aef17c4c)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -275,7 +275,7 @@ func TestDecodeBase64(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x0a8cd44ed),
+						PTSTime: ptr(uint64(0x0a8cd44ed)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -460,11 +460,11 @@ func TestDecodeBase64(t *testing.T) {
 							{
 								Type:             scte35.SegmentationUPIDTypeMPU,
 								Format:           scte35.SegmentationUPIDFormatBase64,
-								FormatIdentifier: uint32ptr(1145656131),
+								FormatIdentifier: ptr(uint32(1145656131)),
 								Value:            "WU1XRjA0NTIwMDBI",
 							},
 						},
-						SegmentationDuration: uint64ptr(10800000),
+						SegmentationDuration: ptr(uint64(10800000)),
 						SegmentationEventID:  39965,
 						SegmentationTypeID:   scte35.SegmentationTypeProviderAdEnd,
 						SegmentNum:           1,
@@ -497,7 +497,7 @@ func TestDecodeBase64(t *testing.T) {
 								Value:  "urn:nbcuni.com:brc:499866434",
 							},
 						},
-						SegmentationDuration: uint64ptr(1347087),
+						SegmentationDuration: ptr(uint64(1347087)),
 						SegmentationEventID:  4294967295,
 						SegmentationTypeID:   scte35.SegmentationTypeProviderAdEnd,
 						SegmentNum:           10,
@@ -534,12 +534,47 @@ func TestDecodeBase64(t *testing.T) {
 			},
 			legacy: true, // binary wont match because of stuffing
 		},
+		"Unused Subsegments Included": {
+			binary: "/DCRAAAAAAAAAP/wBQb/9peOEAB7AjhDVUVJAAAAnH+/DilhdmFpbGlkPTkxNDg2NjA2NSZiaXRtYXA9JmluYWN0aXZpdHk9MzEyMDEHCgI/Q1VFSQAAAJ1//wAANu6ADilhdmFpbGlkPTkxMDkwMTM4OSZiaXRtYXA9JmluYWN0aXZpdHk9MzEyMDAICgAAoJMeaA==",
+			expected: scte35.SpliceInfoSection{
+				SAPType: scte35.SAPTypeNotSpecified,
+				Tier:    4095,
+				SpliceCommand: &scte35.TimeSignal{
+					SpliceTime: scte35.SpliceTime{
+						PTSTime: ptr(uint64(8432094736)),
+					},
+				},
+				SpliceDescriptors: scte35.SpliceDescriptors{
+					&scte35.SegmentationDescriptor{
+						SegmentationEventID: uint32(156),
+						SegmentationTypeID:  scte35.SegmentationTypeProviderAdEnd,
+						SegmentNum:          7,
+						SegmentsExpected:    10,
+						SegmentationUPIDs: []scte35.SegmentationUPID{
+							{Type: scte35.SegmentationUPIDTypeADS, Format: scte35.SegmentationUPIDFormatText, Value: "availid=914866065\u0026bitmap=\u0026inactivity=3120"},
+						},
+					},
+					&scte35.SegmentationDescriptor{
+						SegmentationEventID:  uint32(157),
+						SegmentationTypeID:   scte35.SegmentationTypeProviderAdStart,
+						SegmentationDuration: ptr(uint64(3600000)),
+						SegmentNum:           8,
+						SegmentsExpected:     10,
+						SubSegmentNum:        ptr(uint32(0)),
+						SubSegmentsExpected:  ptr(uint32(0)),
+						SegmentationUPIDs: []scte35.SegmentationUPID{
+							{Type: scte35.SegmentationUPIDTypeADS, Format: scte35.SegmentationUPIDFormatText, Value: "availid=910901389\u0026bitmap=\u0026inactivity=3120"},
+						},
+					},
+				},
+			},
+		},
 		"UPID with Valid ASCII Invalid UTF8": {
 			binary: "/DDHAAAAABc0AP/wBQb/tVo+agCxAhdDVUVJQA4hwH+fCAgAAAAAPj6IcCMAAAIXQ1VFSUAOI1x/nwgIAAAAAD4+iHARAAACF0NVRUlADiHgf58ICAAAAAA+Poi2EAAAAhxDVUVJQA4hyn/fAABSlKwICAAAAAA+Poi2IgAAAkZDVUVJQA4h1n/PAABSlKwNMgoMFHf5uXs0AAAAAAAADhh0eXBlPUxBJmR1cj02MDAwMCZ0aWVy/DDHAAAAAAAAAP8ABQb/HPCt2w==",
 			expected: scte35.SpliceInfoSection{
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(7337557610),
+						PTSTime: ptr(uint64(7337557610)),
 					},
 				},
 				SpliceDescriptors: scte35.SpliceDescriptors{
@@ -584,7 +619,7 @@ func TestDecodeBase64(t *testing.T) {
 					},
 					&scte35.SegmentationDescriptor{
 						SegmentationEventID:  uint32(1074667978),
-						SegmentationDuration: uint64ptr(5412012),
+						SegmentationDuration: ptr(uint64(5412012)),
 						SegmentationTypeID:   scte35.SegmentationTypeBreakStart,
 						DeliveryRestrictions: &scte35.DeliveryRestrictions{
 							ArchiveAllowedFlag:     true,
@@ -599,7 +634,7 @@ func TestDecodeBase64(t *testing.T) {
 					&scte35.SegmentationDescriptor{
 						SegmentationEventID:  uint32(1074667990),
 						SegmentationTypeID:   0x05,
-						SegmentationDuration: uint64ptr(5412012),
+						SegmentationDuration: ptr(uint64(5412012)),
 						SegmentNum:           6,
 						SegmentsExpected:     255,
 						DeliveryRestrictions: &scte35.DeliveryRestrictions{
@@ -678,7 +713,7 @@ func TestDecodeHex(t *testing.T) {
 				EncryptedPacket: scte35.EncryptedPacket{EncryptionAlgorithm: scte35.EncryptionAlgorithmNone, CWIndex: 255},
 				SpliceCommand: &scte35.TimeSignal{
 					SpliceTime: scte35.SpliceTime{
-						PTSTime: uint64ptr(0x072bd0050),
+						PTSTime: ptr(uint64(0x072bd0050)),
 					},
 				},
 				SpliceDescriptors: []scte35.SpliceDescriptor{
@@ -690,7 +725,7 @@ func TestDecodeHex(t *testing.T) {
 						},
 						SegmentationEventID:  uint32(0x4800008e),
 						SegmentationTypeID:   scte35.SegmentationTypeProviderPOStart,
-						SegmentationDuration: uint64ptr(0x0001a599b0),
+						SegmentationDuration: ptr(uint64(0x0001a599b0)),
 						SegmentationUPIDs: []scte35.SegmentationUPID{
 							scte35.NewSegmentationUPID(scte35.SegmentationUPIDTypeTI, toBytes(0x000000002ca0a18a)),
 						},
@@ -714,7 +749,7 @@ func TestDecodeHex(t *testing.T) {
 					OutOfNetworkIndicator: true,
 					Program: &scte35.SpliceInsertProgram{
 						SpliceTime: scte35.SpliceTime{
-							PTSTime: uint64ptr(0x07369c02e),
+							PTSTime: ptr(uint64(0x07369c02e)),
 						},
 					},
 				},
@@ -803,10 +838,6 @@ func toXML(sis *scte35.SpliceInfoSection) string {
 	return string(b)
 }
 
-func uint32ptr(i uint32) *uint32 {
-	return &i
-}
-
-func uint64ptr(i uint64) *uint64 {
+func ptr[T any](i T) *T {
 	return &i
 }

pkg/scte35/segmentation_descriptor.go

@@ -326,8 +326,6 @@ func (sd *SegmentationDescriptor) SegmentationUpidLength() int {
 
 // decode updates this splice_descriptor from binary.
 func (sd *SegmentationDescriptor) decode(b []byte) error {
-	var err error
-
 	r := iobit.NewReader(b)
 	r.Skip(8)  // splice_descriptor_tag
 	r.Skip(8)  // descriptor_length
@@ -399,21 +397,15 @@ func (sd *SegmentationDescriptor) decode(b []byte) error {
 		sd.SegmentNum = r.Uint32(8)
 		sd.SegmentsExpected = r.Uint32(8)
 
-		// these fields are new in 2016 so we need a secondary check whether
-		// they were actually included in the binary payload
-		if sd.SegmentationTypeID == SegmentationTypeProviderPOStart || sd.SegmentationTypeID == SegmentationTypeDistributorPOStart {
-			if r.LeftBits() == 16 {
-				n := r.Uint32(8)
-				e := r.Uint32(8)
-				sd.SubSegmentNum = &n
-				sd.SubSegmentsExpected = &e
-			}
+		// If exactly 2 bytes remain, these are subsegment indicators.
+		if r.LeftBits() == 16 {
+			n := r.Uint32(8)
+			e := r.Uint32(8)
+			sd.SubSegmentNum = &n
+			sd.SubSegmentsExpected = &e
 		}
 	}
 
-	if err != nil {
-		return err
-	}
 	if err := readerError(r); err != nil {
 		return fmt.Errorf("segmentation_descriptor: %w", err)
 	}

pkg/scte35/splice_descriptor.go

@@ -155,10 +155,11 @@ func (sds *SpliceDescriptors) UnmarshalXML(d *xml.Decoder, start xml.StartElemen
 func decodeSpliceDescriptors(b []byte) ([]SpliceDescriptor, error) {
 	r := iobit.NewReader(b)
 
+	var err error
 	var sds []SpliceDescriptor
 	for r.LeftBits() > 0 {
 		// Peek to get splice_descriptor_tag, descriptor_length, and
-		// identifier
+		// identifier.
 		sdr := r.Peek()
 		spliceDescriptorTag := sdr.Uint32(8)
 		descriptorLength := int(sdr.Uint32(8))
@@ -167,12 +168,12 @@ func decodeSpliceDescriptors(b []byte) ([]SpliceDescriptor, error) {
 		// Decode the full splice_descriptor (including splice_descriptor_tag
 		// and descriptor_length).
 		sd := NewSpliceDescriptor(identifier, spliceDescriptorTag)
-		err := sd.decode(r.Bytes(descriptorLength + 2))
-		if err != nil {
-			return sds, err
+		if derr := sd.decode(r.Bytes(descriptorLength + 2)); derr != nil {
+			// Store the error but continue decoding the rest of the signal.
+			err = derr
 		}
 		sds = append(sds, sd)
 	}
 
-	return sds, nil
+	return sds, err
 }