From patchwork Mon Aug  7 00:49:49 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 43155
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:9329:b0:130:ccc6:6c4b with SMTP id
 r41csp1303327pzh;
        Sun, 6 Aug 2023 17:50:38 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IGnN//A7WeiSpuqy4C+Rc9Eao32HT+CbT2e7PeEVCzv1Fo7vcY+RXyiT2R3zpereL7m91An
X-Received: by 2002:a17:906:2c7:b0:99c:b0c9:4ebb with SMTP id
 7-20020a17090602c700b0099cb0c94ebbmr5996735ejk.48.1691369437831;
        Sun, 06 Aug 2023 17:50:37 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1691369437; cv=none;
        d=google.com; s=arc-20160816;
        b=lNXS5C5bR1keX4+7IAjWp0dPHSUbJIFH4EwbBVmhpeCDf4MURNcDJfT9YXqZHJvP1W
         ld4j1n1iZ0YKCfOw5GE4k65OQlBuMMA9lOxYe4P0CK3qtWmXlXlNMcx/lvzSHI6utEWE
         3HbNoUoDn4w66Y1Xvia39X4HJB35yeihi1GmftSQbPZLl0dH2WvClOXejOXAlyyD5+6l
         mGqz7m6CURXoqCeLL8LiL80Odj0/E7yOxPwBpR7xDJAuvEYgMptX4azO7zpgV5ZD2Qj0
         1LV2Vkd7iXCpMGqTQmlwpS0EAOQOFjcnYwxqeujIPziKwjS1d0SOvW5mjTk3fngngBwp
         ffwQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:mime-version:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:references:in-reply-to:message-id:date
         :to:from:delivered-to;
        bh=fFxOSEbVl8WsRag0Rgz8j4aPQ4Bqmy/KCuOPLKWL1gI=;
        fh=YYwLYmpaV0Fpw/rxmSKNRLS2XzDkAlGbHATiKOPtZrY=;
        b=hG63fjutPqXMzwH7j9GuXyJMQ/oYMnEg2jdio6P6urOHnVgHr5s8v4RS2Vz+cjd6ag
         RnHwBTzJjjTrdxOS8b1ov5Kdtsx1nFLzuvaYJB2a0aYLadMf0jCAW02/74RgHl8eCarZ
         n9uA1u57bOOCWXvAfTW28t9VVj6vA5rlrjITDLaMD0v58c64liE0C8tcJJ2gTa2MYstS
         5EzySTRPoDAAmIUi4TOJL/CEKZTYrvulath5fYEDCdp0CA3qvuoMUfcpkc1yfZLFiL5Z
         oUz99dudBB1Z3SsLPlGAgmtRkno1B9OnLUN2f1qLGlRWUC1o6I7AFrAYwCXkkEctrwyU
         te2Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 f25-20020a170906139900b00987ae307f0dsi4329176ejc.587.2023.08.06.17.50.37;
        Sun, 06 Aug 2023 17:50:37 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9E23A68C773;
	Mon,  7 Aug 2023 03:50:02 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net
 [217.70.183.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id BEBF868C4FC
 for <ffmpeg-devel@ffmpeg.org>; Mon,  7 Aug 2023 03:49:54 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 3387A240003
 for <ffmpeg-devel@ffmpeg.org>; Mon,  7 Aug 2023 00:49:54 +0000 (UTC)
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Mon,  7 Aug 2023 02:49:49 +0200
Message-Id: <20230807004949.31634-5-michael@niedermayer.cc>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20230807004949.31634-1-michael@niedermayer.cc>
References: <20230807004949.31634-1-michael@niedermayer.cc>
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 5/5] avcodec/wavarc: Check that nb_samples is
 not negative
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: cbHY4zPr/4U/

It is currently probably not possible for it to be negative as
the needed 2Mb input buf size is not achievable. But it is more
robust to check for it too.
If it would become negative than code like
s->samples[0][n] = s->samples[0][s->nb_samples + n];
would crash

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/wavarc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/wavarc.c b/libavcodec/wavarc.c
index 0dc5849679..4bdd548d5f 100644
--- a/libavcodec/wavarc.c
+++ b/libavcodec/wavarc.c
@@ -311,7 +311,7 @@ static int decode_2slp(AVCodecContext *avctx,
             return AVERROR_EOF;
         case 8:
             s->nb_samples = get_urice(gb, 8);
-            if (s->nb_samples > 570) {
+            if (s->nb_samples > 570U) {
                 s->nb_samples = 570;
                 return AVERROR_INVALIDDATA;
             }
@@ -587,7 +587,7 @@ static int decode_5elp(AVCodecContext *avctx,
             return AVERROR_EOF;
         case 11:
             s->nb_samples = get_urice(gb, 8);
-            if (s->nb_samples > 570) {
+            if (s->nb_samples > 570U) {
                 s->nb_samples = 570;
                 return AVERROR_INVALIDDATA;
             }