From patchwork Thu Oct 17 08:29:35 2019
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 15799
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Thu, 17 Oct 2019 10:29:35 +0200
Message-Id: <20191017082945.13534-5-andreas.rheinhardt@gmail.com>
In-Reply-To: <20191017082945.13534-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 05/15] h264_mp4toannexb: Add a comment about possible overread

Before reading a 16bit size field during parsing of extradata, no check is performed to make sure that said length field is actually contained in the extradata. Given that this overread is not dangerous (the extradata is supposed to be padded), only a comment for it has been added; the error itself will be detected as part of the normal check for overreads.

Signed-off-by: Andreas Rheinhardt --- libavcodec/h264_mp4toannexb_bsf.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index 4390bc3dc5..629f63a751 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -98,6 +98,7 @@ static int h264_extradata_to_annexb(AVBSFContext *ctx, const int padding) while (unit_nb--) { int err; + /* possible overread ok due to padding */ unit_size = bytestream2_get_be16u(gb); total_size += unit_size + 4; av_assert1(total_size <= INT_MAX - padding);
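Review bot: the comment added above `unit_size = bytestream2_get_be16u(gb);` does not say which padding guarantee it relies on or where the overread is later rejected, so a reader cannot verify the "ok" from this function alone. The commit message only says the extradata is "supposed to be padded", which is an assumption about the caller, and the value read from that padding is used immediately in `total_size += unit_size + 4;` before anything rejects it. Either expand the comment to name the padding requirement and point at the later overread check, or replace the documented overread with an explicit test such as `bytestream2_get_bytes_left(gb) < 2` that returns an error before the unchecked read.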