From patchwork Sun Jul 23 22:33:36 2017
X-Patchwork-Submitter: Tyler Jones
X-Patchwork-Id: 4429
Date: Sun, 23 Jul 2017 16:33:36 -0600
From: Tyler Jones
To: ffmpeg-devel@ffmpeg.org
Message-ID: <20170723223336.GA22084@tdjones.localdomain>
Subject: [FFmpeg-devel] [PATCH] avcodec/vorbisdec: Check for legal version, window and transform types

Vorbis I specification requires that the version number as well as the window and transform types in the setup header be equal to 0.

Signed-off-by: Tyler Jones
---
 libavcodec/vorbisdec.c | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index 2a4f482031..f9c3848c4e 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c 
@@ -898,8 +898,16 @@ static int vorbis_parse_setup_hdr_modes(vorbis_context *vc) vorbis_mode *mode_setup = &vc->modes[i]; mode_setup->blockflag = get_bits1(gb); - mode_setup->windowtype = get_bits(gb, 16); //FIXME check - mode_setup->transformtype = get_bits(gb, 16); //FIXME check + mode_setup->windowtype = get_bits(gb, 16); + if (mode_setup->windowtype) { + av_log(vc->avctx, AV_LOG_ERROR, "Invalid window type, must equal 0.\n"); + return AVERROR_INVALIDDATA; + } + mode_setup->transformtype = get_bits(gb, 16); + if (mode_setup->transformtype) { + av_log(vc->avctx, AV_LOG_ERROR, "Invalid transform type, must equal 0.\n"); + return AVERROR_INVALIDDATA; + } GET_VALIDATED_INDEX(mode_setup->mapping, 8, vc->mapping_count); ff_dlog(NULL, " %u mode: blockflag %d, windowtype %d, transformtype %d, mapping %d\n", @@ -969,7 +977,11 @@ static int vorbis_parse_id_hdr(vorbis_context *vc) return AVERROR_INVALIDDATA; } - vc->version = get_bits_long(gb, 32); //FIXME check 0 + vc->version = get_bits_long(gb, 32); + if (vc->version) { + av_log(vc->avctx, AV_LOG_ERROR, "Invalid version number\n"); + return AVERROR_INVALIDDATA; + } vc->audio_channels = get_bits(gb, 8); if (vc->audio_channels <= 0) { av_log(vc->avctx, AV_LOG_ERROR, "Invalid number of channels\n");
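Review bot: In the vorbis_parse_setup_hdr_modes hunk, the two new av_log calls say the field "must equal 0" but do not print the value that was actually read, so a report from a malformed or fuzzed file gives no hint of what the stream contained. Consider logging it, for example "Invalid window type %d, must equal 0.\n" with mode_setup->windowtype as the argument, and the same for transformtype; %d matches how the ff_dlog line just below already prints both fields. Since both fields can only be 0 once these checks pass, it may also be worth a short comment saying they are kept in vorbis_mode only for that debug output.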
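Review bot: In the vorbis_parse_id_hdr hunk, the new message "Invalid version number\n" is worded differently from the two added in vorbis_parse_setup_hdr_modes ("..., must equal 0.\n") and, like them, omits the offending value. Making the three consistent and including the value read from get_bits_long(gb, 32) would help when triaging rejected streams. The removed "//FIXME check 0" comment was the only in-code statement of the requirement, so a brief comment citing the Vorbis I rule the commit message refers to would keep the reason for the check visible next to it.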