From patchwork Fri Dec 18 23:22:07 2020
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 24582
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id 3AD32449FC7
	for <patchwork@ffaux-bg.ffmpeg.org>; Sat, 19 Dec 2020 01:35:20 +0200 (EET)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1336E68A903;
	Sat, 19 Dec 2020 01:35:20 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from vie01a-dmta-pe03-1.mx.upcmail.net
 (vie01a-dmta-pe03-1.mx.upcmail.net [62.179.121.160])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3442568A32E
 for <ffmpeg-devel@ffmpeg.org>; Sat, 19 Dec 2020 01:35:13 +0200 (EET)
Received: from [172.31.216.235] (helo=vie01a-pemc-psmtp-pe12.mail.upcmail.net)
 by vie01a-dmta-pe03.mx.upcmail.net with esmtp (Exim 4.92)
 (envelope-from <michael@niedermayer.cc>) id 1kqP5Z-0000pu-0M
 for ffmpeg-devel@ffmpeg.org; Sat, 19 Dec 2020 00:23:09 +0100
Received: from localhost ([213.47.68.29])
 by vie01a-pemc-psmtp-pe12.mail.upcmail.net with ESMTP
 id qP4bku6cbO4rAqP4bkse3v; Sat, 19 Dec 2020 00:22:09 +0100
X-Env-Mailfrom: michael@niedermayer.cc
X-Env-Rcptto: ffmpeg-devel@ffmpeg.org
X-SourceIP: 213.47.68.29
X-CNFS-Analysis: v=2.3 cv=RNDN4Lq+ c=1 sm=1 tr=0
 a=2hcxjKEKjp0CzLx6oWAm4g==:117 a=2hcxjKEKjp0CzLx6oWAm4g==:17
 a=MKtGQD3n3ToA:10 a=1oJP67jkp3AA:10 a=GEAsPZ9sns4A:10 a=ZZnuYtJkoWoA:10
 a=rWaRxOLpgLh6nDTbhf8A:9 a=pHzHmUro8NiASowvMSCR:22 a=Ew2E2A-JSTLzCXPT_086:22
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sat, 19 Dec 2020 00:22:07 +0100
Message-Id: <20201218232208.14207-7-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20201218232208.14207-1-michael@niedermayer.cc>
References: <20201218232208.14207-1-michael@niedermayer.cc>
X-CMAE-Envelope: 
 MS4wfM2MSGnFWELsbMnYiB7wK9pQEqJInineRJN5+r/rT2VQ4k8QNyAMTrVbn/ORkgL7q6JyoCQsSxDjjXFBW1XRIV1h1KoiHrG1VQ8324NhVclBwNW5lfRl
 U4HMoNAQ+baEmVaVYgaYE1QY2fKpjgMlaq3MLa+gpnK6PDfReFXPFT8z
Subject: [FFmpeg-devel] [PATCH 7/8] avformat/aviobuf: Check for overflow in
	ffio_read_varlen()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

No testcase

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/aviobuf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/aviobuf.c b/libavformat/aviobuf.c
index 78cc60b2ae..7730547106 100644
--- a/libavformat/aviobuf.c
+++ b/libavformat/aviobuf.c
@@ -917,6 +917,8 @@ uint64_t ffio_read_varlen(AVIOContext *bc){
 
     do{
         tmp = avio_r8(bc);
+        if (val > UINT64_MAX>>7)
+            return AVERROR_INVALIDDATA;
         val= (val<<7) + (tmp&127);
     }while(tmp&128);
     return val;