From patchwork Tue Sep 12 12:34:16 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
X-Patchwork-Id: 43713
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:4e27:b0:149:dfde:5c0a with SMTP id
 gk39csp2750894pzb;
        Tue, 12 Sep 2023 05:33:22 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IHmZCG+h4Y6pWUp7/VubBYHVUtJ6K6EhCSciwK61G0LZJOV/4BBh1TOw+ewQfD4aIlwNzDe
X-Received: by 2002:a17:906:8a51:b0:9a5:d74a:8b0a with SMTP id
 gx17-20020a1709068a5100b009a5d74a8b0amr10448906ejc.12.1694522001828;
        Tue, 12 Sep 2023 05:33:21 -0700 (PDT)
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 n3-20020a170906840300b009a1a248ae6fsi9035969ejx.876.2023.09.12.05.33.20;
        Tue, 12 Sep 2023 05:33:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@outlook.com
 header.s=selector1 header.b=FCWmizr6;
       arc=fail (body hash mismatch);
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CE2C368C9A4;
	Tue, 12 Sep 2023 15:33:17 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from EUR01-HE1-obe.outbound.protection.outlook.com
 (mail-he1eur01olkn2020.outbound.protection.outlook.com [40.92.65.20])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B21C968C99E
 for <ffmpeg-devel@ffmpeg.org>; Tue, 12 Sep 2023 15:33:10 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=gBb1jQCGnv3tt5ZE9OCOCJIL6+4qEyrbaetPGV1lT+Og0nCLp8qQa7OE/1FHFSy54jXhWD4ltWmMvrgplfg4QO3Fe/BrvgvpCTDLut5WlosR0zxyLIPCLRT4lHhM5GHQ3AEwJ6yWaRKW2VEdkvvN1G27vhJmScxc/HFbO/2KmprcwQqZK1O0o5MPBJ6Gnc9rBeJEFp5QqsFTAV41tSCa1dKCOyMtF8jiUU+oGl9ek9n1r3X0mwPuy7qTkuglUn7k80P2taqtfiFAT0RoNKgZ9LqyOokScejJkRwI/y5RhWBNnEJxrje0QQZwmX/Tqvshio1pyg1q4f9xl1zI/2Hpaw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=W+KQTk7geSqaN4PDAJbXYAAC3FXOSnyRec/B4fDw3YA=;
 b=huJNDPBRewZXLqWyM0jjFEhth03XY++IjYlcBCfEJOx/FO8PCsdV3E5IDTeuwhf8w/ktwd4KhozRAo7FxIjmB2F3qkp2r2rnannogHEdDDiAvGIUCK+8NdmkhV5rzVtsA6Ysjw2i3NveKM+t16sp+plcGx19tpSae562aPbL13xOQ0Gt7gIHS3PjLSiKaScvYULaCXpa79WrNed9fjshpIL2j8V0tL/OPJaGzUYT2UtURsAiu27FAhCcw4uKuNYFHS5zr68b+vcCsiXfZ8EyYd6vwN/kZCozRp+g7jRYaViF6GJgANPomhT5MO/Kym6SlryZVKPZn9NEEIxdSxQPqw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=W+KQTk7geSqaN4PDAJbXYAAC3FXOSnyRec/B4fDw3YA=;
 b=FCWmizr6+LKAKoG5j/fLSdC6jnXpjneNb9Q4SuW19m5/J6VFWf45Y5Dub5StaNLuEzNMGEO3+dTKZJ0xLe9BnoF7yy3mRGSqju+2MdTKo6TtxJG6oMskhLL16BBxgBo8DpD0Sn3HHKatg4JAVjon7GvBma9YE+ZZOU+3lf4Jxw6Op+rFgp5zGIH9ZXm3OV3+2xfDDTXcwnbONZU02nd5LBaKUIIXRXtUpcQFdtEPc/i+yE+NW6i1P8l7BqXBYPP2JBWN8Y+oFBqcx3lpYh9f8v1UIXbIwj0TRnlowvDDp9kgOhbwYeoL/04nMgSHN98GUhuKhvCLmZt7RVlV/93N0g==
Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14)
 by AS8P250MB0252.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:37f::15)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6768.34; Tue, 12 Sep
 2023 12:33:09 +0000
Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
 ([fe80::5e01:aea5:d3a8:cafa]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
 ([fe80::5e01:aea5:d3a8:cafa%3]) with mapi id 15.20.6768.029; Tue, 12 Sep 2023
 12:33:09 +0000
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 12 Sep 2023 14:34:16 +0200
Message-ID: 
 <AS8P250MB07447D52F00B508D3D930EB38FF1A@AS8P250MB0744.EURP250.PROD.OUTLOOK.COM>
X-Mailer: git-send-email 2.34.1
In-Reply-To: 
 <AS8P250MB0744C21B870FEA301D5BCE5B8FF1A@AS8P250MB0744.EURP250.PROD.OUTLOOK.COM>
References: 
 <AS8P250MB0744C21B870FEA301D5BCE5B8FF1A@AS8P250MB0744.EURP250.PROD.OUTLOOK.COM>
X-TMN: [4EE9AU2lV+KksSmiF9MhmmoaSUqxocKQ]
X-ClientProxiedBy: ZR2P278CA0051.CHEP278.PROD.OUTLOOK.COM
 (2603:10a6:910:53::6) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
 (2603:10a6:20b:541::14)
X-Microsoft-Original-Message-ID: 
 <20230912123419.2065863-1-andreas.rheinhardt@outlook.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|AS8P250MB0252:EE_
X-MS-Office365-Filtering-Correlation-Id: e1303dd4-0feb-452e-2bd3-08dbb38c6adc
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 PHjE8kRf5Poj3jlcddJqHKeIc+0MU+o0CZ9TUZdN03shbN3yrHBNf2/Q3AIU+bDl9hgRhj9cSFUiLDWXlmTVzwcFyBaIuZkLy1AjMg4w2/IRDiyAKY3LQiBt/y5qkgAICqOZJGAD2p/MtEsbtzAmLnRi/QlNFbvu1xz2IoAuY1J9K/2Q2iU6UAVgGW8VcCxihcY2KbTALqLAmkYPThOSxUzgOrUKGb751eBy4QJEinGn+k8vZlKLx9zotIbkpAdlYNgJtqfsmU1tG8UUZEMHt1Op/G2Nk1lAtFI9ZnfVBf02DuCyfSdMYfwKCSQslRAfWZ2qS7GXAT3HOqxRSDATGDWpiwUig0L6aryM0uaFmYRrQCvTWJ3pZSQtIsPNVvfrAsyHgsMqcP/mXjzCxx7aVVYBed0zt1+RgXwzV9b0OreKST1KIA9YSrfqUBi698mkLLXG23aIeDuuJ95dLI9LwCKmU9ELr2wfdnPHSVKvsbqr0fgEq3tPkz/S+LIP7I0zFx7oom+sgsVNj4CXUv2OV1lYHricS+eoyVryvajQ9yhtQvzSsKyDuQZARb0ncGM90ymWzVYUTiIjISlcvDkJjU7EGvd5MeqvVVXfQvDi4p1RtNZycNZNXSf6zWPlBxuu
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 uecOC80/CvEAQcqvD/I9McTQ3T27zlkz9DrjOfn4eGi06B97jMDlAlY3JgD6j7XnuQqIDGhXCvLQlIuKkYrk3TEOvhQFUD3uyoC2bj/P/ie5Mk/gbo9OZUsjwECcgXkfifVFci4ozwsHkfcq03Cg3qPVguyC8hK6wGvL7r0pCNU354R2S1UYjLZa3e2+F1YSvoSCBLO0CcQwaO8WlBCBL6ovygZ0hix9IwBxdSoYxhMibihOEL4ksYIJ3qvoVussW/9qEMx3rNgYLlim8BuFjZCgC+Ak5kCAJ5yuBrx30SM7k1CHwWWefZaafXoZX6Hk9/+TTp6+myZmNWGm3dS3+3DnSjSuVMt2ZDKb0t3fcEUSXaWb6Imtn7LexB64BDc+hSQ267kXjb2VJI4ELB5axOlPZM3ELGieUqadKs+90sMP+ZoKWSGqZNP4a60T8Ndx+1GpRBbh85VWbQSEELslxtOopymbHt+CoGFI5H3ofNmZpqWZMDXeZqhJ+7krVW7O/hIp9gBu9+HmA6zc6+Rq6qDoQpC22xeMR64u4ubGMnb91ww/GZtUwPdsEhJjbo7WQhAs/w4g6GKSjr8zp6GEOeNqsv5XhZxbFGf1TurOrT102w0ejt3eQc+UZUDsRhlwlXe57K3k5DWynYYsGdO4JsjeWvhJm6eMJkvoXbzQ/KvMs0zT6ymMomVYvTuyp4A/YPc/ywhAXWkfNji0YhNBoym8SNHsjoeRhcpR8esZTzavNjp5uVTYeOvNnMbjRcDahV18PMTcmeenRhPkBKWyN1+nhZXQBZEG0Z+cU8D9UgOE8FaNA7pMV3/cMQsAmGtySVVoVc20cic2wzKTeAB8svFKnh3RZ+XE1hPbIVOn7nSXONoty70ncIsyxyhgWo3Zg9JJGlhuQkICObl14VjTZpFL3GCC/078e80u0FzZFN8MDxwJPKzgACf6hbl3GbiDUBaLKWl+5V7DoUnPV2E1HgwY7vp0cIy0Lk81uKxICxToK/rdZhtcXl+DaXqfvYCxKdlkAg6blxz/jnMh8/GsO1272TKwPERaN7isX+0sDhCwjNMBCCLKF995jAZq1tsEb5WXZmG6LakhI3OQ7k05Ml8Vnx93qw+XTFdHiDlAswK2J2mEFiRVQ65cUgtrd3xOp525GSn16s4QssTGbuXPZ0en1WG76ArMKhhjL9t79vazbsOKHp4hRgWJ0HZdjUvIT75sjM+48Q6qJNWlMXrNd5tjyE/GywMuiAtajDIVELQERKgv24L7UqK8My3eHxlA
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 e1303dd4-0feb-452e-2bd3-08dbb38c6adc
X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Sep 2023 12:33:09.5895 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P250MB0252
Subject: [FFmpeg-devel] [PATCH 2/5] avformat/wtvdec: Skip too big tags
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: tCFgd3ZrzTc1

get_tag() is not designed with negative length in mind;
in this case, it will allocate a very small buffer
(LEN_PRETTY_GUID + 1) and might call avio_get_str16le()
with a negative maxlen (which relies on these parameters
to be signed).

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavformat/wtvdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c
index 1103f5ba03..2de6dc2103 100644
--- a/libavformat/wtvdec.c
+++ b/libavformat/wtvdec.c
@@ -539,7 +539,7 @@ static void parse_legacy_attrib(AVFormatContext *s, AVIOContext *pb)
         ff_get_guid(pb, &guid);
         type   = avio_rl32(pb);
         length = avio_rl32(pb);
-        if (!length)
+        if (length <= 0)
             break;
         if (ff_guidcmp(&guid, ff_metadata_guid)) {
             av_log(s, AV_LOG_WARNING, "unknown guid "FF_PRI_GUID", expected metadata_guid; "