| Message ID | 20240711233417.1896879-12-michael@niedermayer.cc |
|---|---|
| State | New |
| Headers | show
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:612c:2298:b0:482:c625:d099 with SMTP id
fp24csp600844vqb;
Thu, 11 Jul 2024 22:54:11 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
AJvYcCWHit9WkBDw2ifmzxxia2ZWlRFtH4WmWApjr5uDNAKkOXzgMq1eGjOqQYIvREM+66aaPuyEiO/c+jgcGNe1bRoilowUciDqlLZSJA==
X-Google-Smtp-Source:
AGHT+IGllv/lzhDCCV7qnn+fpXDTmK+DxqMfQXhXgEPX3TTpGc7A5DEtfF7UAQi7SB68mN+Ad+tf
X-Received: by 2002:a2e:3315:0:b0:2ec:5777:aa5c with SMTP id
38308e7fff4ca-2eeb30529b9mr87661081fa.0.1720763651253;
Thu, 11 Jul 2024 22:54:11 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720763651; cv=none;
d=google.com; s=arc-20160816;
b=BN1i4bH+VhP4MaEP96wsql/p6Lpos8rBgo9k++XbQAG0WZ3VZ3Cl5M0npIFIn6G347
KKITXNtcn6Of/REei/4nwzvycL1YIIGeXQDDeeEqz+G4bYbCrvwlWPBG+WMXanWQOait
LopoNp47GJuiGcjqr1xRLapsS3G7gJfmZe1PpWCPviEYhDn/nWoRq9sTDthSTRJdzMfN
IZosmQiJuegnfO3zBcAvyvPL13A5RlPGaS2QMylgB56Eoy+KrnZsvt98lsX5A2uT92R9
nMjDMj0yw/okHEjcg7nu0XPatTvr/ynjDR+gDzvXAgWSNFEPgbjRnzTM2mimfS70TxVT
Q5Cg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
:list-help:list-post:list-archive:list-unsubscribe:list-id
:precedence:subject:mime-version:references:in-reply-to:message-id
:date:to:from:dkim-signature:delivered-to;
bh=RWC1OLN3GIe45vyWD/94c/zZZNkmzbrZ8wJPn6bXkq8=;
fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
b=HfGbGloyk0M4RIKZwIHDVrqLJfhjWFkBu5hefZvI+8jGj4Z/NOG6gtm15wO4VIICn0
j+KdpQdnWI5+rX5LWjiGo427wUEt95l7YynuRFeOgeTCe2I+KeHL9QAEA7qLsQMSxhzI
Q50FAA2jSLUDiFxRMZtP6KjO+UM73en1PxRegeuU9oMwFDmXrp4e4FyBHnrh4uTRwV0h
FQioUx1/8ZNxAVla9WRyni3jZty4Kyv+ViB2Ez33/BKAac6NGzluL+Izy1lROOov7NJr
+zH279Y6JiyL6+eS9vnaQHNb9HUSEbrymxcg2HgrAX7TiIe08I0UAX/I32xC8Yz5hqjo
Bo0Q==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
header.s=gm1 header.b=TVd+9Vkk;
spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
designates 79.124.17.100 as permitted sender)
smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
by mx.google.com with ESMTP id
38308e7fff4ca-2eeb348a27csi20069301fa.381.2024.07.11.22.54.10;
Thu, 11 Jul 2024 22:54:11 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
header.s=gm1 header.b=TVd+9Vkk;
spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
designates 79.124.17.100 as permitted sender)
smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B35B468DBC9;
Fri, 12 Jul 2024 02:34:34 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net
[217.70.183.194])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 90C5668DB4D
for <ffmpeg-devel@ffmpeg.org>; Fri, 12 Jul 2024 02:34:28 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id CDA2540006
for <ffmpeg-devel@ffmpeg.org>; Thu, 11 Jul 2024 23:34:27 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
s=gm1; t=1720740867;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=v2gZskAxDAlBTrRqZOboYKYO6yOn3hfYxDdwFn90vVA=;
b=TVd+9VkknQb+L7GFKO6zAxIZc5A3dIFrW568/elRpMsJdUaK9IFWqqt2YM8T9vgUWfRpE7
UO/tXbZZ+0txZfdqghj2rXk1mwTwwiOaQd98XcLjOE6dy/rQIUyO5axDj+Fsby5DAS94Yd
+GvhkXOhoD5iiCkyVTN6jTp1ewYkNDtGy2hESVN0c6thB8Mn5qW2vnPtKG+fi0DgtfMAaf
o/fch4iKwGGBl4UUxYjDt04NSmyT2GFH3cPK1a0ByTcOG3HgSZTnyaaomTjuMHurRPXPTp
PTdKjji/aOImhS1X8lJYv0liyCwRch6lrFIWVpldCTO7zws2GxdhzMlt0uxckA==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Fri, 12 Jul 2024 01:34:06 +0200
Message-ID: <20240711233417.1896879-12-michael@niedermayer.cc>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240711233417.1896879-1-michael@niedermayer.cc>
References: <20240711233417.1896879-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 12/22] avformat/sauce: Check avio_size() for
failure
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: w8NU8VnYk2IL
|
| Series |
[FFmpeg-devel,01/22] avformat/asfdec_o: Check size of index object
|
expand
|
| Context | Check | Description |
|---|---|---|
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavformat/sauce.c b/libavformat/sauce.c index 150be4705b5..55d288d3aea 100644 --- a/libavformat/sauce.c +++ b/libavformat/sauce.c @@ -34,7 +34,12 @@ int ff_sauce_read(AVFormatContext *avctx, uint64_t *fsize, int *got_width, int g AVIOContext *pb = avctx->pb; char buf[36]; int datatype, filetype, t1, t2, nb_comments; - uint64_t start_pos = avio_size(pb) - 128; + int64_t start_pos = avio_size(pb); + + if (start_pos <= 0) + return AVERROR_INVALIDDATA; + + start_pos -= 128; avio_seek(pb, start_pos, SEEK_SET); if (avio_read(pb, buf, 7) != 7)
Fixes: CID1604592 Overflowed constant Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/sauce.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)