From patchwork Tue Aug 1 06:33:53 2017
X-Patchwork-Submitter: Rodger Combs
X-Patchwork-Id: 4558
From: Rodger Combs
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 1 Aug 2017 01:33:53 -0500
Message-Id: <1501569234-29896-6-git-send-email-rodger.combs@gmail.com>
In-Reply-To: <1501569234-29896-1-git-send-email-rodger.combs@gmail.com>
References: <1501569234-29896-1-git-send-email-rodger.combs@gmail.com>
Subject: [FFmpeg-devel] [PATCH 6/7] lavf/flacenc: avoid buffer overread with unexpected extradata sizes

--- libavformat/flacenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/flacenc.c b/libavformat/flacenc.c index 9768b6a..1906aee 100644 --- a/libavformat/flacenc.c +++ b/libavformat/flacenc.c 
@@ -322,7 +322,7 @@ static int flac_write_trailer(struct AVFormatContext *s) if (!c->write_header || !streaminfo) return 0; - if (pb->seekable & AVIO_SEEKABLE_NORMAL) { + if (pb->seekable & AVIO_SEEKABLE_NORMAL && (c->streaminfo || s->streams[0]->codecpar->extradata_size == FLAC_STREAMINFO_SIZE)) { /* rewrite the STREAMINFO header block data */ file_size = avio_tell(pb); avio_seek(pb, 8, SEEK_SET);
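
Review bot: the new condition in `flac_write_trailer` hard-codes `s->streams[0]` for the size test while the pointer that gets written is the local `streaminfo`; take `extradata_size` from the same stream that `streaminfo` was set from, so the length check and the buffer it protects cannot refer to different streams. The line also mixes `&` and `&&` without grouping and runs well past 80 columns: write `(pb->seekable & AVIO_SEEKABLE_NORMAL) &&` and wrap the second operand onto its own line. When the size test fails on a seekable output the STREAMINFO rewrite is now skipped, so please confirm that this path reports that the header was left unrewritten instead of staying silent. The commit message is a subject line only; a sentence on which read overruns, for which extradata sizes, and why the test is `== FLAC_STREAMINFO_SIZE` rather than `>=` would make the fix reviewable on its own.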