| Message ID | 20200325104548.28367-1-lance.lmwang@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [FFmpeg-devel,v1,1/2] avfilter/vf_showinfo: check if the s12m data size is valid | expand |
| Context | Check | Description |
|---|---|---|
| andriy/ffmpeg-patchwork | success | Make fate finished |
On Wed, Mar 25, 2020 at 06:45:47PM +0800, lance.lmwang@gmail.com wrote: > From: Limin Wang <lance.lmwang@gmail.com> > > Signed-off-by: Limin Wang <lance.lmwang@gmail.com> > --- > libavfilter/vf_showinfo.c | 4 ++++ > 1 file changed, 4 insertions(+) will apply thx [...]
On Fri, Mar 27, 2020 at 01:42:02AM +0100, Michael Niedermayer wrote: > On Wed, Mar 25, 2020 at 06:45:47PM +0800, lance.lmwang@gmail.com wrote: > > From: Limin Wang <lance.lmwang@gmail.com> > > > > Signed-off-by: Limin Wang <lance.lmwang@gmail.com> > > --- > > libavfilter/vf_showinfo.c | 4 ++++ > > 1 file changed, 4 insertions(+) > > will apply Thanks, please help to review patchset#2, it'll check the valid of tc[0] to avoid buffer overflow access. > > thx > > [...] > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > In a rich man's house there is no place to spit but his face. > -- Diogenes of Sinope > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
diff --git a/libavfilter/vf_showinfo.c b/libavfilter/vf_showinfo.c index 79b79db2d3..71534d1fa8 100644 --- a/libavfilter/vf_showinfo.c +++ b/libavfilter/vf_showinfo.c @@ -318,6 +318,10 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *frame) break; case AV_FRAME_DATA_S12M_TIMECODE: { uint32_t *tc = (uint32_t*)sd->data; + if (sd->size != 16) { + av_log(ctx, AV_LOG_ERROR, "invalid data"); + break; + } for (int j = 1; j <= tc[0]; j++) { char tcbuf[AV_TIMECODE_STR_SIZE]; av_timecode_make_smpte_tc_string(tcbuf, tc[j], 0);