From patchwork Sun Feb 18 02:41:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 46334 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:dda5:b0:19e:cdac:8cce with SMTP id kw37csp572867pzb; Sat, 17 Feb 2024 18:39:46 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXEnov698dfe7CYDxztATXOhyCs671QkPG3PVLDzK8vV3aSdC+9+G9pxa3jv0MICm0WAV3wBLllOInFjTIyB5fgq69mJo5U+bB2/g== X-Google-Smtp-Source: AGHT+IH4CTEHR5D2mmPasJ6RkmlNevdrLAo0sW58oBO5C9OmXMk4X0nTQFa/O1/08uM5ASaW5UIp X-Received: by 2002:a05:651c:548:b0:2d2:2e6b:dd5 with SMTP id q8-20020a05651c054800b002d22e6b0dd5mr1797862ljp.39.1708223986519; Sat, 17 Feb 2024 18:39:46 -0800 (PST) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id m16-20020aa7c490000000b00563a6b8c24fsi1257302edq.53.2024.02.17.18.39.46; Sat, 17 Feb 2024 18:39:46 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@outlook.com header.s=selector1 header.b=BslHNl0H; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9C66768D314; Sun, 18 Feb 2024 04:39:42 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05olkn2059.outbound.protection.outlook.com [40.92.89.59]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 39F0468D164 for ; Sun, 18 Feb 2024 04:39:35 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YDOHY5eK8V4p9i6BbOJ+/v8Or3UuVQVnDaQMFcqKeCmUrrpmMMxDXzhiY3A8XKkb2eDWShY+eqQWEltvWYvoMPjyK54hKKJDmUJGO1t9OJon9ZBgdblw1SytibEsAckDhJ+v3eY3oSeBPeVqXBgIRfaSQxc8rzg0B2J81A/vyhO11Z0q1SMI/91/2skqp3Yu5pTDT6yI/w0c9+2aIYOtnTNgASbxLtZKPL5t0ASNHF3MSrpmUOPXKr2L6oUWsCmtF5O7JSFi4iUpZ0Do6Dy9PjWlwhZ7ZR1T6lUXQBKhxr8aPrQvXKrvWBD6LBKBwcP2aqr5KLT0I8xJRLg1mHbIWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pbIzTvFTFTg1M6yIfqT6O1W776WVSIGr7fSMBay21/k=; b=Xsp23JlvxBGL7nADrvY18eCmdTPPM/8E1JFmlr4fEaGH24RFArM165WxmJE00LAzuU/NmldE6Dm8VizZ28bKy5lLMaUaqICgZIJzFuOrvYbheBV56m7SGjU89EX1wdwuNfDV564v3wAKIkfb5RGlYWyBH0kYw+UFcw87a4MtEoLPOSaDIn1DdoLxXg54c73d1pJuM5a3TYhGn2gpe6FDQdmd/Ia+LwCR3aPk55mYcj1YvTS92wZNW3KbNcyyNjsAgevC17x3IFF9pcpv+Hs4RG5eO10ISAYqpz9TCKXvq3sRGHu82FQSl9l/V75hjKhwguhZownYy8cG4AvP2QpTcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pbIzTvFTFTg1M6yIfqT6O1W776WVSIGr7fSMBay21/k=; b=BslHNl0HT4w8XE6Ry4Ii24s5LFKU6SkLnhi4T+1DrC4mB+lIh6kR6H5SQbUPWwiiSRFcAqAmt0WZBdw39OuB5CtFYTPMxV0Y7oznCLKicIw+5zf4rdP+VyZUFKD6DMndHo6uzFrEjVpgv/1ZhvO9w0NkyvtIhSWboCcKjKxGAYhqe7iC8yGp0HtasZZHG7bustP36JUyruottYeXfzS6fA0GYjqPRWVi256L009x6FYIjynITDHCx9ENja7bKTTQ/ciOoYC15oAgcRPR26SyMjWcpxG4j8i4wYteoYTpCvbgzk+DgVKIejZdeQ0DzPwpt2oHvc/kpvUXqCxqvIxAzg== Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) by AS8P250MB0054.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:359::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.32; Sun, 18 Feb 2024 02:39:33 +0000 Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::65aa:deb0:a18e:d48d]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::65aa:deb0:a18e:d48d%5]) with mapi id 15.20.7292.033; Sun, 18 Feb 2024 02:39:33 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sun, 18 Feb 2024 03:41:18 +0100 Message-ID: X-Mailer: git-send-email 2.34.1 X-TMN: [Z+cqevV5242ciOYefVk5Dg+EqaNs6e0KgNYwArGtZ1M=] X-ClientProxiedBy: ZR0P278CA0094.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:23::9) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) X-Microsoft-Original-Message-ID: <20240218024122.3102927-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|AS8P250MB0054:EE_ X-MS-Office365-Filtering-Correlation-Id: 84af8fde-b71b-4ba1-24bd-08dc302ad684 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: 27Q+NWsBdWSb5bAkRKkncmQER4Gr91unGPql2pE9wBZfL0HFeChOGidP/bGbeVWhZTnbRuZEke4Unef2wpTXh4g+y2Scv5dUrgPGaqcpLKNKDOHqT0zJqYFsolQMfupAun+YYXlEtDdnABEj1ozZ/nONeKr8pKfKjHze2NQkkTw8Sjf+oomjF9xE3QT7l8Y3LVLXhmJ37AQm0iyHFjQX0nx02SCb+h/mrgiFwPNtafgbjAM9sDo3xIAIHSXmRuUlauZa1CmKfyF9ggyHoN/WXAKGxrRsVtSRdFqvfk0F9RE67+V9cA3QY+r+qd8d8USkbspgLlSWonPk2fxbI/HrdQ8Qeti/mBSVi/lklRuip9enPVYZu9uKjsZnEA2Ra7fF0WFZZGMbN5NcBTzT48ylmsBKQoPh5bOIQDBPksvs1wxj/8rWEnIf0wPX7S041yP5KOE5VKEGDDfDp3FU/cHDr9bq3QbtW4P4apwdDeDbYsiRPtggxaHeVVeC125vm5Oc8ksISS+JuBfjoimNtLpJB0ckgRo2KJ6zZYlvgmu6p5htRQUamAc7j0yD99ffzgmC2RIMzuBHEXeQAhkVrPdYcZWbn7QByDRVq4X+eRuxbO4M+TDAue0b7hvHYHL/jRBb X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: SZFmheKR2qyUoNV6+PZfkB+b7LRx3xFuXLGP7vhYuUblB3RRK4LYRMz0UlZ9r3dnmMCcQPT6+J283SZoD+Ryk/dUYVoCyXwhiyiPSPCQQh7DJrarODEquQngklaehNgck7EtPlLm3ACwp6M/DXXIVcT7mxrIHvaiRthtB2+J1fKD7r2j/w7iZTnPvX4Lfttd5wpqYmYY7t4UDiAgv4Ku01Xal+8MqpPUziZwsEsUhwo2McbSwQfYfl5863si17cXrcP+bm0sJVXyxv9rmQjGT+aedNT36aHPXbUxeS3Z3rPeFnGzs+g40zoAUQ/HgqoaxDgtiXkqPbHYaPHkvYbNs3sE7RXa3R9EPBwHF2UeZbNc5fHZVRwz4Nt+Da/YIVY05gXivK5HedUyc/dfJseFoQFyDUd3AGVPt4cgqjc6p1tMbbMV4DeNVaHbEhfoW//KXrkNXQj/tdn3U3c9x05syQOiZIkQQxsc4BuEdpyO+eDISeDAjllR+/VVQOzwj2UycAXRtLdyYYXRsYK3rkSoFQv8oDceGeXrtLx1v+HWqTDNSjL1S6r241Gm5XwGblP7qFB4/AZ7zV51QrqUdcPn2gb4YZxbbsymcwwHfKE9MQhRAh/AGxW1WGC9rIib/da/8MfYiLPMQObA79yfGWrD6khnj2AR3hwG14C2ehvYbvanJYfzLon61N+LFTIrbrdUj/S7VGuybcd0We5BHcgKeQb6zRiK/VKf3RXZHDN6waIRxaHqCbJ7mmwlAEF45KZDV/Rl8LRfrUhNwbU6emJQD1GWX5hhMN6EZEUp4Ir+ClEDAYhAsEAQSO5w5KSdx+tHoCWOQmVDVgUVVSgqsZD+YN5FNbIdd0BlI6t0QTmcKg5narLJqiGMI+WwtW25BBNfPs/n4WIMLytpkNQGUXsvqRNLBO3IF98i5I7E9fneCdOPRTPt3ts8ij4gAE7wC2odKqmmLPbYA0bY4DHR77ksn0a+H9vtJXyHSy5IoRlsX0lE2+QWMUZI8F9RPFbURL5MHvwDcC48geOyoHZ9QW7vG3QD2zkYzipBn7/FM6OyOuehS9NWiGT9cOsBjFDUGSC5WLzYtumluu/H4g3YkjrIMI56LPv1LJWQYl0Dh/T709YrrBp5SKgYcCSgKooZKcdq6DM0s83SRCUzn01Et1e5tq7DWkWyE2YMsFDWs7x0jYe0vtgt2v6FDihvaZAnncU0l0swsSpIxxnhDVZBTcDgVwKwMBQjO+UuugB+ye/Cyqot4LICXNBQKY+6yjogFmCwIu4i/KsvKJaTl/s+pAwjTQ== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 84af8fde-b71b-4ba1-24bd-08dc302ad684 X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2024 02:39:33.2124 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8P250MB0054 Subject: [FFmpeg-devel] [PATCH 1/5] avcodec/bsf/(hevc|vvc)_mp4toannexb: Ensure extradata_size < INT_MAX X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: kPqN7UPmo2As AVCodecParameters.extradata_size is an int. Signed-off-by: Andreas Rheinhardt --- libavcodec/bsf/hevc_mp4toannexb.c | 2 +- libavcodec/bsf/vvc_mp4toannexb.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/bsf/hevc_mp4toannexb.c b/libavcodec/bsf/hevc_mp4toannexb.c index 8eec18f31e..c0df2b79a6 100644 --- a/libavcodec/bsf/hevc_mp4toannexb.c +++ b/libavcodec/bsf/hevc_mp4toannexb.c @@ -69,7 +69,7 @@ static int hevc_extradata_to_annexb(AVBSFContext *ctx) if (!nalu_len || nalu_len > bytestream2_get_bytes_left(&gb) || - 4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > SIZE_MAX - new_extradata_size) { + 4 + nalu_len > FFMIN(INT_MAX, SIZE_MAX) - AV_INPUT_BUFFER_PADDING_SIZE - new_extradata_size) { ret = AVERROR_INVALIDDATA; goto fail; } diff --git a/libavcodec/bsf/vvc_mp4toannexb.c b/libavcodec/bsf/vvc_mp4toannexb.c index 36bdae8f49..1b851f3223 100644 --- a/libavcodec/bsf/vvc_mp4toannexb.c +++ b/libavcodec/bsf/vvc_mp4toannexb.c @@ -159,7 +159,7 @@ static int vvc_extradata_to_annexb(AVBSFContext *ctx) if (!nalu_len || nalu_len > bytestream2_get_bytes_left(&gb) || - 4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > SIZE_MAX - new_extradata_size) { + 4 + nalu_len > FFMIN(INT_MAX, SIZE_MAX) - AV_INPUT_BUFFER_PADDING_SIZE - new_extradata_size) { ret = AVERROR_INVALIDDATA; goto fail; }