From patchwork Mon Oct 23 15:20:28 2023
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 44334
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Mon, 23 Oct 2023 17:20:28 +0200
Subject: [FFmpeg-devel] [PATCH] avcodec/cbs_h2645: Fix leak of SPS VUI extension data

Fixes: VUI extension leak
Fixes: 
63004/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4928832253329408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Andreas Rheinhardt --- libavcodec/cbs_h2645.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c index 470f60b95f..c48a06b241 100644 --- a/libavcodec/cbs_h2645.c +++ b/libavcodec/cbs_h2645.c @@ -1989,7 +1989,17 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h266_unit_types[] = { CBS_UNIT_TYPE_INTERNAL_REF(VVC_DCI_NUT, H266RawDCI, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_OPI_NUT, H266RawOPI, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_VPS_NUT, H266RawVPS, extension_data.data), - CBS_UNIT_TYPE_INTERNAL_REF(VVC_SPS_NUT, H266RawSPS, extension_data.data), + { + .nb_unit_types = 1, + .unit_type.list[0] = VVC_SPS_NUT, + .content_type = CBS_CONTENT_TYPE_INTERNAL_REFS, + .content_size = sizeof(H266RawSPS), + .type.ref = { + .nb_offsets = 2, + .offsets = { offsetof(H266RawSPS, extension_data.data), + offsetof(H266RawSPS, vui.extension_data.data) } + }, + }, CBS_UNIT_TYPE_INTERNAL_REF(VVC_PPS_NUT, H266RawPPS, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_PREFIX_APS_NUT, H266RawAPS, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_SUFFIX_APS_NUT, H266RawAPS, extension_data.data),
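Review bot: The open-coded VVC_SPS_NUT entry that replaces the CBS_UNIT_TYPE_INTERNAL_REF line has no comment saying why SPS alone needs a second offset, and `.nb_offsets = 2` has to be kept in sync by hand with the two offsetof() entries below it. A short comment above the initializer, noting that the VUI carries its own `extension_data` (the buffer the commit message says was leaked), would stop a later cleanup from folding the entry back into the single-offset macro. Every other entry visible in this hunk goes through CBS_UNIT_TYPE_INTERNAL_REF, so consider a helper macro that takes the list of fields and derives the count, so the next unit type with more than one internal reference does not repeat this block. The commit message could also state that the cause was the unit type table listing only `extension_data.data` for H266RawSPS, which the subject line alone does not convey.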