From patchwork Thu May 31 16:33:36 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jacob Trimble X-Patchwork-Id: 9181 Delivered-To: ffmpegpatchwork@gmail.com Received: by 2002:a02:11c:0:0:0:0:0 with SMTP id c28-v6csp717489jad; Thu, 31 May 2018 09:34:01 -0700 (PDT) X-Google-Smtp-Source: ADUXVKLbDjfWrKU9h6kjl6N4Y1a0TTc7GvTdOTCNye4RfOEDKTN6qX28hvJ3UEjP2fDonop9++bL X-Received: by 2002:adf:f482:: with SMTP id l2-v6mr5920091wro.259.1527784441308; Thu, 31 May 2018 09:34:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1527784441; cv=none; d=google.com; s=arc-20160816; b=lQlZKG33UI8cm83XY5jAtIfU+DLU9bpv967I9Vs1BFHy5yAZ0MDQ5qugcHPMx+6VMA kDp099sY69AHHA8JDJ0J+qKuXRt+EEpDnRnIGq6ouVQp4lCW11hDJBKLHfldNv4oUfvN bDKhiiC+BLUzErH34wNCAuSBpy5OgkzRKc7f4SQWXDXze2BuA72dqoY/2rtaEMA9cDCG dWnNnKQSsQ1fMKh5ai1Zk7splCJoV5Aez2WajLetMApKWi54Yr/1EmRzSA3JMltDCiP8 dPwAaZVjl72EqpVbR5AjEqc+bmfPvkSJvlD78zjx+l06ljweTR60xUVQG0wQPze/AHUc R5qg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:to:from:message-id:date:mime-version :dkim-signature:delivered-to:arc-authentication-results; bh=fc3YsvyJprbmYZTiK+pgmUoq+8fLyxNYJUPjd51kqao=; b=zI3vaN5TJoqywHZiPYQOTUV3cwimVExYnlFHNkfIwqK/P4uObqJfxNXgsXsTpIKyEG jo/tHWv6iczjvvtcp44NzxRfPWMBV07EKnqkYm0anpFRQpQOGrMvVF/GEB4yDYxYJ96l zBcy73Zls4wVzJtboWYfBAcB8OYkoioTSFg3Ph0CpjdLyumLTgry4SVWsqvIWJ5BXc2/ tSEuCEPtHgwsLgk5FgT9rCLImm6iupQPyPkfC/fb94cS2+OUZ/6rsUP8RTWdvMCrCvun ejCCUFV0EyH8WO1U6wjbwhQDHUkiE8wqxDxg5TEdzbun3K4VCgYjOIb/RgVolhXERaSX Gl9A== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b=vHZbIxrO; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id g28-v6si11348497wra.434.2018.05.31.09.34.01; Thu, 31 May 2018 09:34:01 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b=vHZbIxrO; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0F1B068A484; Thu, 31 May 2018 19:33:15 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-yw0-f202.google.com (mail-yw0-f202.google.com [209.85.161.202]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id ED0DA68A180 for ; Thu, 31 May 2018 19:33:07 +0300 (EEST) Received: by mail-yw0-f202.google.com with SMTP id d129-v6so4359447ywe.4 for ; Thu, 31 May 2018 09:33:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:date:message-id:subject:from:to:cc; bh=cnBKiIKqpPkANh31pZkWi+Jz1pBsSeRaYtoK3GEGb04=; b=vHZbIxrOdeSKN2SUaazoVD0/lix4f2xz8wSRYu+49DcLWzY8lZxeG74Ged0Jps6fgd LGlqHPQ5ge0gPcHVWCFogNXA+314t/b1bmm6v/kE70CLQynK7DIYK+7JV5pjSmWZ4gfT jpemqCaBK9syk5LgYfS53Ek0JhExT4nq9OQvsaKlaWIo5bK3TqdLPYeDjzufh0AJgfVR /5JX3c9I0Q34If8rTMkvJaHNwpOn0KBMPQ0oyJP+JdR5/31syY+dB0N1h3LEpEnsh3HD /6uz1Vpfwn4CQhvFYgcW1yhXo3gb4Tp9Rltr5u80f9DlFv9sIZDvJ5KAm5R4YCEGip94 bRRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:date:message-id:subject:from:to:cc; bh=cnBKiIKqpPkANh31pZkWi+Jz1pBsSeRaYtoK3GEGb04=; b=f2iu2APjdZvnl6mLGJ6IsU4G9YbPbcgux1UXfTCJbnWPgH3o5kMl01E0twLgpVNbha HteHvTUGqbz/dxX9ehILrvU6SAbvZm3GseR7ZYr4KMGtqSC5rH6xwlrVnNzUsJtQcvsP Wzqioi+I3dzMFQCs5/crCmeRcRUjTmH5hksAnE0dKzZ5tCRZQAPxIEQYuU1qq+EK91Hf HPziMME6r0+CRUW9ThoVXNzYnqLbOG96W8YdrjGZkqh9JoBLUHx2mU+lKCkbspkxdFyc hgPnT+jiaL8o6PDUjaLWYIRRTj1vn4NSarrJPC7+03g/szDTjJvcldaf1CiNO8CjYKZ/ WdOQ== X-Gm-Message-State: ALKqPwcGwy2PoPKQGK7Ime2w1Vg8mnVf6nMrLeolJ5Px/vgLIlfm6EUI R0e8XvIprZzyhYgpio8HZr3QODL0qzdah0fo9BmIo5Tit3/TLZdg/PHeEhBpy2E91bu0DAt7KTM UdEKMN1vBm4vlkxuseo/ZkMVq7MT5c9kRwilPVcnwVGNsZ56Ni1zO6+wM2hc8Rqif8KaN MIME-Version: 1.0 X-Received: by 2002:a81:6e83:: with SMTP id j125-v6mr2113390ywc.149.1527784431588; Thu, 31 May 2018 09:33:51 -0700 (PDT) Date: Thu, 31 May 2018 09:33:36 -0700 Message-Id: <20180531163336.61888-1-modmaker@google.com> X-Mailer: git-send-email 2.17.0.921.gf22659ad46-goog From: Jacob Trimble To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH] libavutil/encryption_info: Add NULL checks. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Jacob Trimble Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Found by Chrome's ClusterFuzz: http://crbug.com/846662. Signed-off-by: Jacob Trimble --- libavutil/encryption_info.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavutil/encryption_info.c b/libavutil/encryption_info.c index 20a752d6b4..a48ded922c 100644 --- a/libavutil/encryption_info.c +++ b/libavutil/encryption_info.c @@ -64,6 +64,8 @@ AVEncryptionInfo *av_encryption_info_clone(const AVEncryptionInfo *info) { AVEncryptionInfo *ret; + if (!info) + return NULL; ret = av_encryption_info_alloc(info->subsample_count, info->key_id_size, info->iv_size); if (!ret) return NULL; @@ -127,7 +129,7 @@ uint8_t *av_encryption_info_add_side_data(const AVEncryptionInfo *info, size_t * uint8_t *buffer, *cur_buffer; uint32_t i; - if (UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA < info->key_id_size || + if (!info || !size || UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA < info->key_id_size || UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA - info->key_id_size < info->iv_size || (UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA - info->key_id_size - info->iv_size) / 8 < info->subsample_count) { return NULL; @@ -260,7 +262,8 @@ uint8_t *av_encryption_init_info_add_side_data(const AVEncryptionInitInfo *info, uint8_t *buffer, *cur_buffer; uint32_t i, max_size; - if (UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA < info->system_id_size || + if (!info || !side_data_size || + UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA < info->system_id_size || UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA - info->system_id_size < info->data_size) { return NULL; }