From patchwork Thu Jun 22 19:29:14 2023
X-Patchwork-Submitter: James Almer
X-Patchwork-Id: 42278
From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 22 Jun 2023 16:29:14 -0300
Message-ID: <20230622192918.3638-1-jamrial@gmail.com>
Subject: [FFmpeg-devel] [PATCH 1/5] avcodec/evc_frame_merge: ensure the assembled buffer fits in an AVPacket

Signed-off-by: James Almer --- libavcodec/evc_frame_merge_bsf.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavcodec/evc_frame_merge_bsf.c b/libavcodec/evc_frame_merge_bsf.c index 121f93c0b0..3e1258c6c9 100644 --- a/libavcodec/evc_frame_merge_bsf.c +++ b/libavcodec/evc_frame_merge_bsf.c @@ -199,8 +199,16 @@ static int evc_frame_merge_filter(AVBSFContext *bsf, AVPacket *out) au_end_found = err; nalu_size += EVC_NALU_LENGTH_PREFIX_SIZE; + + data_size = ctx->au_buffer.data_size + nalu_size; + if (data_size > INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE) { + av_log(bsf, AV_LOG_ERROR, "Assembled packet is too big\n"); + err = AVERROR(ERANGE); + goto end; + } + buffer = av_fast_realloc(ctx->au_buffer.data, &ctx->au_buffer.capacity, - ctx->au_buffer.data_size + nalu_size); + data_size); if (!buffer) { av_freep(&ctx->au_buffer.data); err = AVERROR_INVALIDDATA; @@ -210,7 +218,7 @@ static int evc_frame_merge_filter(AVBSFContext *bsf, AVPacket *out) ctx->au_buffer.data = buffer; memcpy(ctx->au_buffer.data + ctx->au_buffer.data_size, in->data, nalu_size); - ctx->au_buffer.data_size += nalu_size; + ctx->au_buffer.data_size = data_size; in->data += nalu_size; in->size -= nalu_size;
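Review bot: In the first hunk (@@ -199,8 +199,16 @@), the sum `data_size = ctx->au_buffer.data_size + nalu_size;` is computed before it is compared against `INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE`, so the check is only sound if the addition cannot wrap in the type of `data_size` and its operands, and none of those declarations are visible in this patch. If any of them is a signed `int`, the overflow happens before the test can catch it. Consider comparing `nalu_size` against the remaining headroom (`INT_MAX - AV_INPUT_BUFFER_PADDING_SIZE - ctx->au_buffer.data_size`) so that no out-of-range sum is ever formed, or state the types in the commit message. Separately, the unchanged context sets `err = AVERROR_INVALIDDATA` when `av_fast_realloc` returns NULL; `AVERROR(ENOMEM)` would describe an allocation failure more accurately.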
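Review bot: In the second hunk (@@ -210,7 +218,7 @@), the `memcpy` from `in->data` and the following `in->size -= nalu_size;` both rely on `nalu_size` (already increased by `EVC_NALU_LENGTH_PREFIX_SIZE` in the first hunk's context) not exceeding `in->size`, and no such check appears in the visible lines. The new test bounds the destination size only. If the source length is validated above line 199, a short comment at the copy would make that clear; otherwise add a check before the `memcpy`.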