diff mbox series

[FFmpeg-devel] fftools/ffmpeg: avoid possible invalid reads with short -tag values

Message ID 20230413135954.26658-1-anton@khirnov.net
State Accepted
Commit 89c9a3ac3542c3684e511607d88b265bfa6aa64f
Headers show
Series [FFmpeg-devel] fftools/ffmpeg: avoid possible invalid reads with short -tag values | expand

Checks

Context Check Description
yinshiyou/make_loongarch64 success Make finished
yinshiyou/make_fate_loongarch64 success Make fate finished
andriy/make_x86 success Make finished
andriy/make_fate_x86 success Make fate finished

Commit Message

Anton Khirnov April 13, 2023, 1:59 p.m. UTC 
Fixes #10319.
---
 fftools/ffmpeg_demux.c    | 8 ++++++--
 fftools/ffmpeg_mux_init.c | 7 +++++--
 2 files changed, 11 insertions(+), 4 deletions(-)

Comments

James Almer April 13, 2023, 2:14 p.m. UTC | #1 
On 4/13/2023 10:59 AM, Anton Khirnov wrote:
> Fixes #10319.
> ---
>   fftools/ffmpeg_demux.c    | 8 ++++++--
>   fftools/ffmpeg_mux_init.c | 7 +++++--
>   2 files changed, 11 insertions(+), 4 deletions(-)
> 
> diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c
> index b9849d1669..d89e28b9f6 100644
> --- a/fftools/ffmpeg_demux.c
> +++ b/fftools/ffmpeg_demux.c
> @@ -736,8 +736,12 @@ static void add_input_streams(const OptionsContext *o, Demuxer *d)
>           MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st);
>           if (codec_tag) {
>               uint32_t tag = strtol(codec_tag, &next, 0);
> -            if (*next)
> -                tag = AV_RL32(codec_tag);
> +            if (*next) {
> +                uint8_t buf[4] = { 0 };
> +                memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag)));
> +                tag = AV_RL32(buf);
> +            }
> +
>               st->codecpar->codec_tag = tag;
>           }
>   
> diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
> index 62e5643a04..aab423464c 100644
> --- a/fftools/ffmpeg_mux_init.c
> +++ b/fftools/ffmpeg_mux_init.c
> @@ -610,8 +610,11 @@ static OutputStream *new_output_stream(Muxer *mux, const OptionsContext *o,
>       MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st);
>       if (codec_tag) {
>           uint32_t tag = strtol(codec_tag, &next, 0);
> -        if (*next)
> -            tag = AV_RL32(codec_tag);
> +        if (*next) {
> +            uint8_t buf[4] = { 0 };
> +            memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag)));
> +            tag = AV_RL32(buf);
> +        }
>           ost->st->codecpar->codec_tag = tag;
>           if (ost->enc_ctx)
>               ost->enc_ctx->codec_tag = tag;

LGTM.
James Almer April 14, 2023, 6:56 p.m. UTC | #2 
On 4/13/2023 11:14 AM, James Almer wrote:
> On 4/13/2023 10:59 AM, Anton Khirnov wrote:
>> Fixes #10319.

Should also fix #10309 i think.

>> ---
>>   fftools/ffmpeg_demux.c    | 8 ++++++--
>>   fftools/ffmpeg_mux_init.c | 7 +++++--
>>   2 files changed, 11 insertions(+), 4 deletions(-)
>>
>> diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c
>> index b9849d1669..d89e28b9f6 100644
>> --- a/fftools/ffmpeg_demux.c
>> +++ b/fftools/ffmpeg_demux.c
>> @@ -736,8 +736,12 @@ static void add_input_streams(const 
>> OptionsContext *o, Demuxer *d)
>>           MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st);
>>           if (codec_tag) {
>>               uint32_t tag = strtol(codec_tag, &next, 0);
>> -            if (*next)
>> -                tag = AV_RL32(codec_tag);
>> +            if (*next) {
>> +                uint8_t buf[4] = { 0 };
>> +                memcpy(buf, codec_tag, FFMIN(sizeof(buf), 
>> strlen(codec_tag)));
>> +                tag = AV_RL32(buf);
>> +            }
>> +
>>               st->codecpar->codec_tag = tag;
>>           }
>> diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
>> index 62e5643a04..aab423464c 100644
>> --- a/fftools/ffmpeg_mux_init.c
>> +++ b/fftools/ffmpeg_mux_init.c
>> @@ -610,8 +610,11 @@ static OutputStream *new_output_stream(Muxer 
>> *mux, const OptionsContext *o,
>>       MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st);
>>       if (codec_tag) {
>>           uint32_t tag = strtol(codec_tag, &next, 0);
>> -        if (*next)
>> -            tag = AV_RL32(codec_tag);
>> +        if (*next) {
>> +            uint8_t buf[4] = { 0 };
>> +            memcpy(buf, codec_tag, FFMIN(sizeof(buf), 
>> strlen(codec_tag)));
>> +            tag = AV_RL32(buf);
>> +        }
>>           ost->st->codecpar->codec_tag = tag;
>>           if (ost->enc_ctx)
>>               ost->enc_ctx->codec_tag = tag;
> 
> LGTM.
diff mbox series

Patch

diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c
index b9849d1669..d89e28b9f6 100644
--- a/fftools/ffmpeg_demux.c
+++ b/fftools/ffmpeg_demux.c
@@ -736,8 +736,12 @@  static void add_input_streams(const OptionsContext *o, Demuxer *d)
         MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st);
         if (codec_tag) {
             uint32_t tag = strtol(codec_tag, &next, 0);
-            if (*next)
-                tag = AV_RL32(codec_tag);
+            if (*next) {
+                uint8_t buf[4] = { 0 };
+                memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag)));
+                tag = AV_RL32(buf);
+            }
+
             st->codecpar->codec_tag = tag;
         }
 
diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
index 62e5643a04..aab423464c 100644
--- a/fftools/ffmpeg_mux_init.c
+++ b/fftools/ffmpeg_mux_init.c
@@ -610,8 +610,11 @@  static OutputStream *new_output_stream(Muxer *mux, const OptionsContext *o,
     MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st);
     if (codec_tag) {
         uint32_t tag = strtol(codec_tag, &next, 0);
-        if (*next)
-            tag = AV_RL32(codec_tag);
+        if (*next) {
+            uint8_t buf[4] = { 0 };
+            memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag)));
+            tag = AV_RL32(buf);
+        }
         ost->st->codecpar->codec_tag = tag;
         if (ost->enc_ctx)
             ost->enc_ctx->codec_tag = tag;