From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Sat, 30 May 2020 18:05:20 +0200
Message-Id: <20200530160541.29517-15-andreas.rheinhardt@gmail.com>
In-Reply-To: <20200530160541.29517-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 15/36] avcodec/mjpega_dump_header_bsf: Don't overread
X-Patchwork-Id: 20002

When encountering an SOS marker, the two bytes after this marker are read, too. So one needs to make sure that these two bytes are still part of the packet's data. And when one checks whether the input already is of the desired format, one has to make sure that the place where one searches the "mjpg" tag is actually contained in the given data.

Signed-off-by: Andreas Rheinhardt --- libavcodec/mjpega_dump_header_bsf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/mjpega_dump_header_bsf.c b/libavcodec/mjpega_dump_header_bsf.c index 40c4c690ab..1cd2b48719 100644 --- a/libavcodec/mjpega_dump_header_bsf.c +++ b/libavcodec/mjpega_dump_header_bsf.c @@ -62,7 +62,7 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out) bytestream_put_be32(&out_buf, in->size + 44U); /* pad field size */ bytestream_put_be32(&out_buf, 0); /* next ptr */ - for (i = 0; i < in->size - 1; i++) { + for (i = 0; i < in->size - 3; i++) { if (in->data[i] == 0xff) { switch (in->data[i + 1]) { case DQT: dqt = i + 46U; break; @@ -80,7 +80,7 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out) av_packet_free(&in); return 0; case APP1: - if (i + 8U < in->size && AV_RL32(in->data + i + 8) == AV_RL32("mjpg")) { + if (i + 12U <= in->size && AV_RL32(in->data + i + 8) == AV_RL32("mjpg")) { av_log(ctx, AV_LOG_ERROR, "bitstream already formatted\n"); av_packet_unref(out); av_packet_move_ref(out, in); @@ -90,7 +90,7 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out) } } } - av_log(ctx, AV_LOG_ERROR, "could not find SOS marker in bitstream\n"); + av_log(ctx, AV_LOG_ERROR, "No valid SOS marker in bitstream\n"); fail: av_packet_unref(out); av_packet_free(&in);
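
Review bot: The new loop bound `i < in->size - 3` in the first hunk (@@ -62,7 +62,7 @@) is a bare constant whose meaning is only given in the commit message. A one-line comment above the loop, saying that the bound keeps the marker byte at `i + 1` and the two bytes read after an SOS marker (`i + 2`, `i + 3`) inside the packet, would let a reader check it without the log. The hunk also does not show how `i` and `in->size` are declared, so it is worth confirming that `in->size - 3` cannot wrap to a large value for a packet shorter than three bytes.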
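
Review bot: In the APP1 case of the second hunk (@@ -80,7 +80,7 @@), the `12U` in `i + 12U <= in->size` is the read offset 8 plus the four bytes that `AV_RL32(in->data + i + 8)` loads, and that derivation is not visible at the call site. Writing it as `i + 8U + 4 <= in->size`, or adding a short comment, keeps the check and the read next to each other so that a later change to the offset does not leave the bound stale. The condition is also written with an unsigned constant while the loop bound in the first hunk is not; using the same form for both bounds would make them easier to compare.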
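
Review bot: The reworded error string in the last hunk (@@ -90,7 +90,7 @@), "No valid SOS marker in bitstream", is not mentioned in the commit message and now starts with a capital letter, while the neighbouring message "bitstream already formatted" in the same function is lowercase. Either keep the lowercase style or note the rewording in the log. Because the tightened loop bound means an SOS marker in the last bytes of the packet now ends up here as well, a wording that says the marker was missing or truncated would tell the user more than "valid".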