From patchwork Tue Sep 14 10:50:38 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Lance Wang <lance.lmwang@gmail.com>
X-Patchwork-Id: 30241
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp4866232iov;
        Tue, 14 Sep 2021 03:51:15 -0700 (PDT)
X-Google-Smtp-Source: 
 ABdhPJz4jEpKbjeiTZGeVGJtjr676pAODv8AcSehn/++SADKJx6/ejp5oFfYMmLQihp31mj+YoE4
X-Received: by 2002:a17:906:9b1:: with SMTP id
 q17mr18050769eje.546.1631616674891;
        Tue, 14 Sep 2021 03:51:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1631616674; cv=none;
        d=google.com; s=arc-20160816;
        b=QHvN1I4Ug6pIgS8+um20iAqXwiuc0OI8GMkt1+ksC2DBvMM9QJB/dZBzAsx8m91OB3
         85OJCy/VNDwbAnA2NhLkNDtDXGaAUZ9xrRZTxsqgKMCREWMeliFYL8fw6u6QAKXLbRFM
         nJMZzxIckhandXfKa5kInIjaguAKpQ/Qqba+lHNSzJ0JNmFk6iQ4NeaG25SMNPiyw2T9
         rYmzZRGSpXhMkklefC5MMQVqXT1ulL8tDbB4XQ2t8ttyftuyUkzra32T0gzFYStOFSNw
         gBAuar5AdbSUmwBL3058ZxtFUXTP8FBd/jRgdOjjKmL7tDd0o+2zMQx+hHdq8x3TX5JB
         hOkQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:dkim-signature:delivered-to;
        bh=GH3rZioSbg/q1bbuJNQ7mJy9WVCVDTqB1rdPZ1LhjAs=;
        b=lbVgzB3OcYzSYw6ouac0d5+t2lQoET1oGX6XTkz+Yt+rYH5U+YX/fH6/C3M97+L4Vo
         MXJnD7jQe1BPlENsICW2b/Plo+/zUFnxb9Z+7k9KByKkvEVPOauZ53kQaByOtyRZ5WI1
         8NEozKaqQMdfLmsmC1QyI41/PTKXiBrK/C3Y6+0VgX17o9AHEfuReA3F/IseQT3/67W4
         kJBvnRwLIhJH9KyKw8WMvdt1bULrrzg3zXfJrZ3uq9v4ZaVoH9vdz3CB3ElL9LI4Lh3R
         3dKWXBinpUBS/Mkk1M6E+yuZ+aDU+rX65urfKZlUa6159mEOEQZT09UaJUugd52C/3ST
         iXng==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20210112 header.b=U+t6Xawj;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 k13si10970065ejp.411.2021.09.14.03.51.14;
        Tue, 14 Sep 2021 03:51:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20210112 header.b=U+t6Xawj;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 5322A68AF35;
	Tue, 14 Sep 2021 13:50:54 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-pf1-f173.google.com (mail-pf1-f173.google.com
 [209.85.210.173])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 5452268AF0C
 for <ffmpeg-devel@ffmpeg.org>; Tue, 14 Sep 2021 13:50:47 +0300 (EEST)
Received: by mail-pf1-f173.google.com with SMTP id y17so11784597pfl.13
 for <ffmpeg-devel@ffmpeg.org>; Tue, 14 Sep 2021 03:50:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:date:message-id:in-reply-to:references;
 bh=FQ3wcnyvbEuekeD+mi3fgORPn7WkcttAu3ctdxmM8N0=;
 b=U+t6XawjXpI9hJXwSqHk9mPsnTDEzkmkMT916h/rCobhqpHdKdEmX7TzbIGeBaJ3B/
 0wM7zBc8KXPVVhug7kjsZLJn+JpSboL6Q5TgEHZFrieYmYarzzYplkzT+Bi72D0sVz3E
 OdYv8jf+am0//vTra5o0MfkVhcqlBELi+0viWFN6ZPxQYs/la6/Q/g+FcePDyk+eL6Cr
 TjmDq6bWqyAe2nlbfD2V9lF/c3GE/mD7kyV4FWtR6dXnoRGNnJtK/UrzUoCwpengBAVO
 MvGNPnUi19XxQ//LJ0o2Qx4484fyZT+m0Bf8aeegPF7ZBpk3eoCeK9aIPpaXNCZKZ1Yq
 +nyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
 :references;
 bh=FQ3wcnyvbEuekeD+mi3fgORPn7WkcttAu3ctdxmM8N0=;
 b=oAeE74hML9vY48+dHuNka8SiPMTabGogOjVgAfbGRqujxyZHKRX6RfuJmMeuJaSHrM
 DL00II4nAqXF5fkiycfFMOF7ZpThvE3ZYDUag0yh4x24DOfcnGBO841FQrb9Bih0nPPz
 ibf37M+DkxgOJFEw9cY/AjK4Yz3JFc11oI1+7grF+09OdJ2ZkQvAkjrpVN1QmLXOFxtl
 owp7aNfCMuExHqN/3fGPbfvjXxPNRNvvXdW9D2yBfpL/nfmVwyYFZ8fchSgJIHi+8oOU
 jca4auUREh6n3bV+hmmkGbNcLdeN77fVbG9mKdyPd/yP636oYOLcNoWg6bULOaLz34Nz
 AE8g==
X-Gm-Message-State: AOAM532B6EMRyaYIdZ3deBCFdePqrNfP6n7i4MLI0OY7lJf111x2ODtq
 9XcINxH0gh02OKsbtn2Gb5Ek2kXwCTg=
X-Received: by 2002:a62:798f:0:b0:438:faa3:5508 with SMTP id
 u137-20020a62798f000000b00438faa35508mr4101293pfc.75.1631616645606;
 Tue, 14 Sep 2021 03:50:45 -0700 (PDT)
Received: from vpn2.localdomain ([161.117.202.209])
 by smtp.gmail.com with ESMTPSA id p24sm9905732pfh.136.2021.09.14.03.50.44
 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
 Tue, 14 Sep 2021 03:50:45 -0700 (PDT)
From: lance.lmwang@gmail.com
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 14 Sep 2021 18:50:38 +0800
Message-Id: <1631616638-20151-3-git-send-email-lance.lmwang@gmail.com>
X-Mailer: git-send-email 1.8.3.1
In-Reply-To: <1631616638-20151-1-git-send-email-lance.lmwang@gmail.com>
References: <1631616638-20151-1-git-send-email-lance.lmwang@gmail.com>
Subject: [FFmpeg-devel] [PATCH 3/3] avcodec/dynamic_hdr10_plus: check size
 before using it
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Limin Wang <lance.lmwang@gmail.com>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: ENSNve+AS8zM

From: Limin Wang <lance.lmwang@gmail.com>

Signed-off-by: Limin Wang <lance.lmwang@gmail.com>
---
 libavcodec/dynamic_hdr10_plus.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/dynamic_hdr10_plus.c b/libavcodec/dynamic_hdr10_plus.c
index 854e70d..34a44aa 100644
--- a/libavcodec/dynamic_hdr10_plus.c
+++ b/libavcodec/dynamic_hdr10_plus.c
@@ -40,10 +40,10 @@ int ff_parse_itu_t_t35_to_dynamic_hdr10_plus(AVDynamicHDRPlus *s, const uint8_t
     if (ret < 0)
         return ret;
 
-    s->application_version = get_bits(gb, 8);
-
-    if (get_bits_left(gb) < 2)
+    if (get_bits_left(gb) < 10)
         return AVERROR_INVALIDDATA;
+
+    s->application_version = get_bits(gb, 8);
     s->num_windows = get_bits(gb, 2);
 
     if (s->num_windows < 1 || s->num_windows > 3) {