X-Patchwork-Submitter: Thierry Foucu
X-Patchwork-Id: 15315
From: Thierry Foucu
To: ffmpeg-devel@ffmpeg.org
Cc: Thierry Foucu
Date: Thu, 26 Sep 2019 10:58:53 -0700
Message-Id: <20190926175853.23260-1-tfoucu@gmail.com>
Subject: [FFmpeg-devel] [PATCH 2/2] [monvenc] Add extra padding when allocating trk->vos_data

trk->vos_data is mostly used to store the extradata from the codec. Most encoders, when storing their extradata, are allocating with padding. But the current code was ignoring the padding, which could cause a heap-buffer-overflow

--- libavformat/movenc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/movenc.c b/libavformat/movenc.c index e095af0972..11cf1a13a9 100644 --- a/libavformat/movenc.c +++ b/libavformat/movenc.c
@@ -5378,7 +5378,7 @@ int ff_mov_write_packet(AVFormatContext *s, AVPacket *pkt) !TAG_IS_AVCI(trk->tag) && (par->codec_id != AV_CODEC_ID_DNXHD)) { trk->vos_len = par->extradata_size; - trk->vos_data = av_malloc(trk->vos_len); + trk->vos_data = av_mallocz(trk->vos_len + AV_INPUT_BUFFER_PADDING_SIZE); if (!trk->vos_data) { ret = AVERROR(ENOMEM); goto err;
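Review bot: In the changed allocation line, the size `trk->vos_len + AV_INPUT_BUFFER_PADDING_SIZE` is computed right after `trk->vos_len = par->extradata_size;` with no range check visible in this hunk, so a negative or very large extradata_size would give a wrong allocation size; consider validating extradata_size before the addition. The commit message also does not say which reader runs past vos_len, and naming it, along with confirming that any other allocation of trk->vos_data gets the same padding, would make the fix easier to verify. Switching from av_malloc to av_mallocz is a good choice here, since it leaves the padding bytes zeroed rather than uninitialized.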