Message ID | 20240711233417.1896879-12-michael@niedermayer.cc |
---|---|
State | New |
Headers | show
Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:2298:b0:482:c625:d099 with SMTP id fp24csp600844vqb; Thu, 11 Jul 2024 22:54:11 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWHit9WkBDw2ifmzxxia2ZWlRFtH4WmWApjr5uDNAKkOXzgMq1eGjOqQYIvREM+66aaPuyEiO/c+jgcGNe1bRoilowUciDqlLZSJA== X-Google-Smtp-Source: AGHT+IGllv/lzhDCCV7qnn+fpXDTmK+DxqMfQXhXgEPX3TTpGc7A5DEtfF7UAQi7SB68mN+Ad+tf X-Received: by 2002:a2e:3315:0:b0:2ec:5777:aa5c with SMTP id 38308e7fff4ca-2eeb30529b9mr87661081fa.0.1720763651253; Thu, 11 Jul 2024 22:54:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1720763651; cv=none; d=google.com; s=arc-20160816; b=BN1i4bH+VhP4MaEP96wsql/p6Lpos8rBgo9k++XbQAG0WZ3VZ3Cl5M0npIFIn6G347 KKITXNtcn6Of/REei/4nwzvycL1YIIGeXQDDeeEqz+G4bYbCrvwlWPBG+WMXanWQOait LopoNp47GJuiGcjqr1xRLapsS3G7gJfmZe1PpWCPviEYhDn/nWoRq9sTDthSTRJdzMfN IZosmQiJuegnfO3zBcAvyvPL13A5RlPGaS2QMylgB56Eoy+KrnZsvt98lsX5A2uT92R9 nMjDMj0yw/okHEjcg7nu0XPatTvr/ynjDR+gDzvXAgWSNFEPgbjRnzTM2mimfS70TxVT Q5Cg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=RWC1OLN3GIe45vyWD/94c/zZZNkmzbrZ8wJPn6bXkq8=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=HfGbGloyk0M4RIKZwIHDVrqLJfhjWFkBu5hefZvI+8jGj4Z/NOG6gtm15wO4VIICn0 j+KdpQdnWI5+rX5LWjiGo427wUEt95l7YynuRFeOgeTCe2I+KeHL9QAEA7qLsQMSxhzI Q50FAA2jSLUDiFxRMZtP6KjO+UM73en1PxRegeuU9oMwFDmXrp4e4FyBHnrh4uTRwV0h FQioUx1/8ZNxAVla9WRyni3jZty4Kyv+ViB2Ez33/BKAac6NGzluL+Izy1lROOov7NJr +zH279Y6JiyL6+eS9vnaQHNb9HUSEbrymxcg2HgrAX7TiIe08I0UAX/I32xC8Yz5hqjo Bo0Q==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=TVd+9Vkk; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: <ffmpeg-devel-bounces@ffmpeg.org> Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 38308e7fff4ca-2eeb348a27csi20069301fa.381.2024.07.11.22.54.10; Thu, 11 Jul 2024 22:54:11 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=TVd+9Vkk; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B35B468DBC9; Fri, 12 Jul 2024 02:34:34 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay2-d.mail.gandi.net (relay2-d.mail.gandi.net [217.70.183.194]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 90C5668DB4D for <ffmpeg-devel@ffmpeg.org>; Fri, 12 Jul 2024 02:34:28 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id CDA2540006 for <ffmpeg-devel@ffmpeg.org>; Thu, 11 Jul 2024 23:34:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1720740867; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=v2gZskAxDAlBTrRqZOboYKYO6yOn3hfYxDdwFn90vVA=; b=TVd+9VkknQb+L7GFKO6zAxIZc5A3dIFrW568/elRpMsJdUaK9IFWqqt2YM8T9vgUWfRpE7 UO/tXbZZ+0txZfdqghj2rXk1mwTwwiOaQd98XcLjOE6dy/rQIUyO5axDj+Fsby5DAS94Yd +GvhkXOhoD5iiCkyVTN6jTp1ewYkNDtGy2hESVN0c6thB8Mn5qW2vnPtKG+fi0DgtfMAaf o/fch4iKwGGBl4UUxYjDt04NSmyT2GFH3cPK1a0ByTcOG3HgSZTnyaaomTjuMHurRPXPTp PTdKjji/aOImhS1X8lJYv0liyCwRch6lrFIWVpldCTO7zws2GxdhzMlt0uxckA== From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Fri, 12 Jul 2024 01:34:06 +0200 Message-ID: <20240711233417.1896879-12-michael@niedermayer.cc> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240711233417.1896879-1-michael@niedermayer.cc> References: <20240711233417.1896879-1-michael@niedermayer.cc> MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [PATCH 12/22] avformat/sauce: Check avio_size() for failure X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org> List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>, <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe> List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel> List-Post: <mailto:ffmpeg-devel@ffmpeg.org> List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help> List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>, <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe> Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org> X-TUID: w8NU8VnYk2IL |
Series |
[FFmpeg-devel,01/22] avformat/asfdec_o: Check size of index object
|
expand
|
Context | Check | Description |
---|---|---|
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
diff --git a/libavformat/sauce.c b/libavformat/sauce.c index 150be4705b5..55d288d3aea 100644 --- a/libavformat/sauce.c +++ b/libavformat/sauce.c @@ -34,7 +34,12 @@ int ff_sauce_read(AVFormatContext *avctx, uint64_t *fsize, int *got_width, int g AVIOContext *pb = avctx->pb; char buf[36]; int datatype, filetype, t1, t2, nb_comments; - uint64_t start_pos = avio_size(pb) - 128; + int64_t start_pos = avio_size(pb); + + if (start_pos <= 0) + return AVERROR_INVALIDDATA; + + start_pos -= 128; avio_seek(pb, start_pos, SEEK_SET); if (avio_read(pb, buf, 7) != 7)
Fixes: CID1604592 Overflowed constant Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavformat/sauce.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)