* Fix several overflows in box and track processing
* Use size_of::<Type>() instead of magic numbers
* Fix a panic in Mp4Track::read_sample() for one-past-the-end
This appears to be a bug unmasked by other changes. read_sample() calls
sample_offset() then sample_size(), and assumes that if the former returns Ok
then the latter does as well. However, if the sample_id is one past the end,
sample_offset() might succeed (it only checks samples _up to_ the given
sample_id but not _including_ it) while sample_size() fails (because the sample
doesn't exist). read_sample() will then panic.
Fix this by duplicating the error propagation (that is currently done for
sample_offset) for sample_size, instead of unwrapping. This is a cautious
change that fixes the bug; alternatively, having sample_offset() call
sample_size() on the given sample_id and propagate any error might also work.
* Account for header size in box processing overflow fixes
* Ensure that boxes aren't bigger than their containers
Together with the entry_count checks, this eliminates several OOMs when reading
incorrect mp4 files.
* Fix order of arithmetic operations
This was due to an incorrect transcription when switching to checked
arithmetic, and fixes a bug that could cause attempted lookups of the wrong
chunk_id.
* fix clippy::unused_io_amount
See related clippy documentation,
but in short some partial reads can occur
in particular with io on the networl.
read_exact/write_all transparently handle such errors.
The fix actually revealed a bug
in 'mp4a' atom parsing, but this is a dangerous change:
Parsing bugs that were transparently ignored
are now failing with error (unattended io eof).
* fix trivial clippy errors
* fix clippy error with always 0 value
* run ci/cd with clippy and latest rust version
Initial effort to reduce or eliminate the use of assertions in the
production code (i.e. not test code). See issue 43 for an example of how
this can cause an application (thread) to panic when reading an unusual
file. Not all of the changes were as simple as returning an Err, since some
functions did not return a Result. Also, the error type used (InvalidData)
is just a catch-all with a message, and in some cases a more refined error
type may be in order.
cargo test passes
