From patchwork Fri May 29 16:17:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 19970 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 5C533449F89 for ; Fri, 29 May 2020 19:34:36 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3630068AD33; Fri, 29 May 2020 19:34:36 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wm1-f68.google.com (mail-wm1-f68.google.com [209.85.128.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 61A3F680AF6 for ; Fri, 29 May 2020 19:34:29 +0300 (EEST) Received: by mail-wm1-f68.google.com with SMTP id r9so4111010wmh.2 for ; Fri, 29 May 2020 09:34:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=THz/DtmM8WLRc7DQgIKHYLK/Uiqdl+38nML7Mii1iCY=; b=FyE4erZrAFGaTnoQpe93oUZ+TVEC6lXqeEXHyZp5XxODlo4F4VZpcPRg3ySG5BIOfx fB6EDplb+j8pU3FG36BKtvY82K8QrRuowhF7PRKhO/KJ8Gt1CYLUh+Wl5+s/RxtURW7R 53zpUH2yfV1M39nK7JeV0Rt2rompJTR9r2s5nx5BujOGgVOzCYdsLRKMM/t+r6Yijx1h ewERifojisw3kiLpDGUarVjSuojUShJEj4fs7VYTpjF8r9n9bGc6Q2oFxU3w80HmdC2G L5n4Oh6EUmORcGyZKEATJ5kunrRXyPhm6YQRkWSLOl6i+FGaRjB4+ozLzze7+0a95+ni PoRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=THz/DtmM8WLRc7DQgIKHYLK/Uiqdl+38nML7Mii1iCY=; b=LG5HS8lBVwJY4x3L39/5N2zR6bf/F135p4pZbfk0M2eJcWRw28tAqjipsw5Jyl36Sw wxDKays5n95NqjXIRaL9UDJTK8WGuGfA6RV53brhZP2oabyNDEfrlglFwnbrUvGz20qm oUmfEa8MV35zMnBhsN75JoBZOXRrClKumftg8ycRQwuDjRW2vAZBL4Z3HJXXhAZTdNo4 ak54j7dqi9M5hm5YdHtz3bAp5pYGbgCZag3/DvOrgdBxFHYyzoDwRyqBsE1eSp2jrHgv /xzvvtqV+beiNhIeSzicQTZcBAbYPxc5uTtta+jiP6Na8bs7HOy6QGfMWGThdVS8fxkq +GDQ== X-Gm-Message-State: AOAM532HHfU3Lx0bCI77acLvpurJ+M9WBb8LF0yba4GQUa01EWPnVv5n Inq7PxYz44BTQW0nOOke9uTznOS1 X-Google-Smtp-Source: ABdhPJyfUpOOqDaxIh1iLqa0mKlkl6+cy1u7vYzBYjH4fzDbdVB+M29pH/IKk7jGqqJk6P5mYyIqzw== X-Received: by 2002:a1c:b654:: with SMTP id g81mr9137305wmf.128.1590769587882; Fri, 29 May 2020 09:26:27 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1ab57.dynamic.kabel-deutschland.de. [188.193.171.87]) by smtp.gmail.com with ESMTPSA id c16sm4612248wrx.4.2020.05.29.09.26.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 29 May 2020 09:26:27 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Fri, 29 May 2020 18:17:54 +0200 Message-Id: <20200529161755.9904-1-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 1/2] avcodec/h264_parser: Fix undefined left shift X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Use an uint32_t for the NAL unit size of an AVC H.264 NAL unit instead of an int as a left shift of a signed value is undefined behaviour if the result doesn't fit into the target type. Also make the log message never output negative lengths. Signed-off-by: Andreas Rheinhardt --- libavcodec/h264_parser.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/h264_parser.c b/libavcodec/h264_parser.c index d9249e578d..1d2ce3870c 100644 --- a/libavcodec/h264_parser.c +++ b/libavcodec/h264_parser.c @@ -84,12 +84,13 @@ static int h264_find_frame_end(H264ParseContext *p, const uint8_t *buf, for (i = 0; i < buf_size; i++) { if (i >= next_avc) { - int nalsize = 0; + uint32_t nalsize = 0; i = next_avc; for (j = 0; j < p->nal_length_size; j++) nalsize = (nalsize << 8) | buf[i++]; - if (nalsize <= 0 || nalsize > buf_size - i) { - av_log(logctx, AV_LOG_ERROR, "AVC-parser: nal size %d remaining %d\n", nalsize, buf_size - i); + if (!nalsize || nalsize > buf_size - i) { + av_log(logctx, AV_LOG_ERROR, "AVC-parser: nal size %"PRIu32" " + "remaining %d\n", nalsize, buf_size - i); return buf_size; } next_avc = i + nalsize;