From patchwork Tue Mar 22 23:09:12 2022
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 34914
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 23 Mar 2022 00:09:12 +0100
X-Microsoft-Original-Message-ID: <20220322230912.466724-3-andreas.rheinhardt@outlook.com>
Subject: [FFmpeg-devel] [PATCH 4/4] avcodec/vp9_superframe_split_bsf: Don't read inexistent data
Errors-To:
ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 0NfEAoaz0uFv Fixes: Out of array read Fixes: 45137/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_SPLIT_fuzzer-4984270639202304 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Andreas Rheinhardt --- libavcodec/vp9_superframe_split_bsf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c index 7f0cad1ea0..c9cf21b541 100644 --- a/libavcodec/vp9_superframe_split_bsf.c +++ b/libavcodec/vp9_superframe_split_bsf.c @@ -51,6 +51,9 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) return ret; in = s->buffer_pkt; + if (!in->size) + goto passthrough; + marker = in->data[in->size - 1]; if ((marker & 0xe0) == 0xc0) { int length_size = 1 + ((marker >> 3) & 0x3); @@ -121,6 +124,7 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) out->pts = AV_NOPTS_VALUE; } else { +passthrough: av_packet_move_ref(out, s->buffer_pkt); }
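Review bot: in the first hunk (@@ -51), the new `if (!in->size)` check guards only the `in->data[in->size - 1]` read that would otherwise index one byte before the buffer, and neither the code nor the commit message says why an empty packet can reach this point. A one-line comment above the check, stating that an empty packet has no marker byte and is forwarded unchanged, would keep the guard from being dropped in a later cleanup. The hunk also does not show what follows `int length_size = 1 + ((marker >> 3) & 0x3);`, so it is worth confirming that the index parsing after it is bounded by `in->size` for very short packets whose last byte matches `(marker & 0xe0) == 0xc0`, since this check only covers the zero-length case.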
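Review bot: in the second hunk (@@ -121), the `passthrough:` label is placed inside the `else` block, so the `goto` added near line 54 jumps forward into a nested branch and skips every statement in between, including the condition that selects this `else`. That is valid C, but it is easy to break when someone later adds a declaration or state update between the two points. Consider a short comment at the label naming the empty-packet case as its only source, or restructuring so the empty packet reaches `av_packet_move_ref(out, s->buffer_pkt);` without a label inside a branch.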