From patchwork Mon May 8 04:36:23 2017
X-Patchwork-Submitter: Rodger Combs
X-Patchwork-Id: 3608
From: Rodger Combs
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 7 May 2017 23:36:23 -0500
Message-Id: <1494218184-17850-6-git-send-email-rodger.combs@gmail.com>
In-Reply-To: <1494218184-17850-1-git-send-email-rodger.combs@gmail.com>
Subject: [FFmpeg-devel] [PATCH 6/7] lavf/flacenc: avoid buffer overread with unexpected extradata sizes

--- libavformat/flacenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flacenc.c b/libavformat/flacenc.c index 9bb4947..b8800cc 100644 --- a/libavformat/flacenc.c +++ b/libavformat/flacenc.c @@ -315,7 +315,7 @@ static int flac_write_trailer(struct AVFormatContext *s) if (!c->write_header || !streaminfo) return 0; - if (pb->seekable & AVIO_SEEKABLE_NORMAL) { + if (pb->seekable & AVIO_SEEKABLE_NORMAL && (c->streaminfo || s->streams[0]->codecpar->extradata_size == FLAC_STREAMINFO_SIZE)) { /* rewrite the STREAMINFO header block data */ file_size = avio_tell(pb); avio_seek(pb, 8, SEEK_SET);
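
Review bot: In the new condition in flac_write_trailer, the size test reads s->streams[0]->codecpar->extradata_size directly while the guard just above tests the local streaminfo pointer, so nothing in this hunk shows that the length being checked belongs to the buffer that will be written. Doing the size check at the point where streaminfo is selected, or adding a one-line comment stating that streaminfo is stream 0's extradata when c->streaminfo is unset, would keep the bound next to the data it protects. As far as the hunk shows, a size mismatch now skips the STREAMINFO rewrite with no message; an av_log warning on that path would make the skipped rewrite visible to the user. The added line is also very long and combines & with && without grouping; wrapping it and writing (pb->seekable & AVIO_SEEKABLE_NORMAL) would read more clearly. The commit message has only a subject, so a sentence on which inputs produce extradata of a size other than FLAC_STREAMINFO_SIZE would help the next reader.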