From patchwork Wed Jul 24 17:15:54 2019
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 14058
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Wed, 24 Jul 2019 19:15:54 +0200
Message-Id: <20190724171557.10037-2-andreas.rheinhardt@gmail.com>
In-Reply-To: <20190724171557.10037-1-andreas.rheinhardt@gmail.com>
References: <20190724074358.GU3219@michaelspb> <20190724171557.10037-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 3/6] h264_mp4toannexb_bsf: Add a comment about possible overread
List-Id: FFmpeg development discussions and patches

Before reading a 16bit size field during parsing of extradata, no check is performed to make sure that said length field is actually contained in the extradata. Given that this overread is not dangerous (the extradata is supposed to be padded), only a comment for it has been added; the error itself will be detected as part of the normal check for overreads.

Signed-off-by: Andreas Rheinhardt --- libavcodec/h264_mp4toannexb_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/h264_mp4toannexb_bsf.c b/libavcodec/h264_mp4toannexb_bsf.c index 374c2d59fb..aa5ca8d102 100644 --- a/libavcodec/h264_mp4toannexb_bsf.c +++ b/libavcodec/h264_mp4toannexb_bsf.c @@ -91,7 +91,7 @@ static int h264_extradata_to_annexb(AVBSFContext *ctx, const int padding) while (unit_nb--) { int err; - unit_size = AV_RB16(extradata); + unit_size = AV_RB16(extradata); /* possible overread ok due to padding */ extradata += 2; total_size += unit_size + 4; av_assert1(total_size <= INT_MAX - padding);
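
Review bot: At `unit_size = AV_RB16(extradata);` the new comment records that two bytes may be read past the end of the extradata but leaves the read unchecked, so its safety rests entirely on the caller having padded the buffer, which the comment asserts rather than verifies. The value read from the padding is also used immediately in `total_size += unit_size + 4` before any length check visible in this hunk. Consider checking that at least two bytes remain before the read and returning an error otherwise, or, if the read stays as it is, extend the comment to name the later check that rejects the truncated input so the dependency is visible at this line.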