From patchwork Mon Aug 13 22:35:46 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jacob Trimble X-Patchwork-Id: 9982 Delivered-To: ffmpegpatchwork@gmail.com Received: by 2002:a02:104:0:0:0:0:0 with SMTP id c4-v6csp3667086jad; Mon, 13 Aug 2018 15:42:47 -0700 (PDT) X-Google-Smtp-Source: AA+uWPxqz2iB2hTutG/yPZVWfqwvEQYoRix0XPQ81CS+aw748uSKY5vq/195QLSkSCSEksFWXwHT X-Received: by 2002:adf:ae5a:: with SMTP id u26-v6mr12222934wrd.246.1534200167818; Mon, 13 Aug 2018 15:42:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1534200167; cv=none; d=google.com; s=arc-20160816; b=h6VEU6SqW2+rD8/E0G9BCrkYLSyrA3KIZvaJn96VhRff28S2+3mQz6irImW1fA/0Qj quo72IxZ6aD+hYTUvkrjnG6UWBxf+zdaMo5fGgyvvSM7bN0Di44f//ssftF/fzEFWUDz aDNSttC+8tAieQKwpI9Hfz7ORbpIi4iIHI3hayXg1Z2Yf02P1BE+k1PaURTMLnQuVvH3 VHmnK6wX9f/JO/CPMANhTUsnPdBcoAHd+Ui1fBdE3J3fGpNQt4WnMGCUioePgr87Bqp6 EsXCgxxIfbA4xvxN1NCMOSYQ+SJGesdvOal3kJrnYs+A/TGZQMHxu4ehxj+5o2K0xOgy kJOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:to :message-id:date:from:in-reply-to:references:mime-version :dkim-signature:delivered-to:arc-authentication-results; bh=IJA4B54D+SPdb4XkLKOPouBIA/pMp7nlSvr0Km16xTk=; b=VGKw1WkNTh+BWLZm/sJoGU6mvmidwAPJY6SiMRtwOCW1lZbF1PYsi+9bVRcL+NIGL0 qm5o3O8zTl6gERbHHkDIiDjg2G/BYWcsu362dfgGc7WaD9IzqWfvADF9hIIrp1P9eTW1 FljrQ28R8g00N9EBIOCvNbBBp1iYeRgnO8cbnv7XYjEkE4zfHb2yUTXTR4CjZKe9B/ep vEkkCkhQCMRvNdKvx7aP5a9RQo5GDB3hcv9e3KVPZqhZOal8rlnYaw0Y3KDTK2+BpcJ6 YC5dIvGUbKTY5kk+g3lp+0sOYIh9HV+eGmQspzZVZgVA4BADc6Dix1fZSozizH/g77dq SChw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b="s/qz/h/9"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id r7-v6si7921242wma.141.2018.08.13.15.42.47; Mon, 13 Aug 2018 15:42:47 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b="s/qz/h/9"; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id DA81068A4CE; Tue, 14 Aug 2018 01:42:22 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-lf1-f42.google.com (mail-lf1-f42.google.com [209.85.167.42]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 60599680353 for ; Tue, 14 Aug 2018 01:42:16 +0300 (EEST) Received: by mail-lf1-f42.google.com with SMTP id u14-v6so12437425lfu.0 for ; Mon, 13 Aug 2018 15:42:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=jZ1dFgMB/43OrSbVNVHq0+c59+eZYSfW1MU0h77+11E=; b=s/qz/h/9cmCvHSWhRmECRu+XkUCWUzln3+TZde0gjnQPHMka5IwMhKsGqV1bqK1j2b IMyZ/m48cc19d2eN4AM9kqJ/tba0Ve6Cxsa6GtUUrbbIkBGnhZtj3Q8g3tvHC+XFFfSP uZXKNAaDTWfNHQ5sF9e0cMqfmtO7a0+WQtCRBex+9w6j11saexIS/3mB95VIaKeF7Jrj mKVfK5VvWAb2YHy3dhTGtd4QMce0EEMBldna2+dU7cq98OfX1f8Lt7DnX4ZAJg7ef0Y5 VTBV1KYRWEd7E3BtSeKIQtvjp0vhSyfdYAGZhfnrT2bDZ/MIHXqhelgbve4w/ulx/U12 H87w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=jZ1dFgMB/43OrSbVNVHq0+c59+eZYSfW1MU0h77+11E=; b=um5How3QYjDRdb6Z0OQvHx60wRFvk8FP3KEfs26be5gM032RGLExmlUFYjnqh0+0C/ 7ZcOFSq0jFMf2w8v4u9Qfh4OmDvifuhu0+wn05153XmId7g+VhR044taC+CaO06+uKvw OquwxEuv1PwDg8y+T0isVVJHNX/cYsh0Qm8GY+4wKBvL+/SJ8CFdhFCJM8l7tBD1TSbT n1cLXiT5jVc/YKtXosDevijSXSX64aOm/yAfFm7mi3HoKbIyxYe/Ekli1iCpfZ/7/hjC 5YHfn3OsKe6WhOPJFfon8S6aBDyVvl17l4AzrSwBPdLnYB4N0DuRLjdZKqp4ezd9L32X F2wQ== X-Gm-Message-State: AOUpUlE8iTyQ7fYHPnZizaTkxrF+50UALEF8VsQxzPi3YC6Tid8DYY6U +aVuMT9VNmwzxNe1b4ecMe5G+uYaGiGRpJ+o612OLXm7 X-Received: by 2002:a19:1003:: with SMTP id f3-v6mr11916562lfi.116.1534199758144; Mon, 13 Aug 2018 15:35:58 -0700 (PDT) MIME-Version: 1.0 References: <20180813222228.34818-1-modmaker@google.com> In-Reply-To: From: Jacob Trimble Date: Mon, 13 Aug 2018 15:35:46 -0700 Message-ID: To: FFmpeg development discussions and patches Subject: Re: [FFmpeg-devel] [PATCH] avutil/encryption_info: Fix size calculation. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" On Mon, Aug 13, 2018 at 3:31 PM Carl Eugen Hoyos wrote: > > 2018-08-14 0:22 GMT+02:00, Jacob Trimble : > > Fixes: 873693 > > This does not look helpful. Changed. > > Carl Eugen > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel From a822b6a1f0bba9f36314d9c8af1b9eca7c0bc406 Mon Sep 17 00:00:00 2001 From: Jacob Trimble Date: Mon, 13 Aug 2018 15:17:11 -0700 Subject: [PATCH] avutil/encryption_info: Fix size calculation. Found by Chrome's ClusterFuzz: https://crbug.com/873693 Signed-off-by: Jacob Trimble --- libavutil/encryption_info.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavutil/encryption_info.c b/libavutil/encryption_info.c index 3b7e16cd0c..812c704776 100644 --- a/libavutil/encryption_info.c +++ b/libavutil/encryption_info.c @@ -297,14 +297,14 @@ uint8_t *av_encryption_init_info_add_side_data(const AVEncryptionInitInfo *info, temp_side_data_size = 4; init_info_count = 0; for (cur_info = info; cur_info; cur_info = cur_info->next) { - temp_side_data_size += (uint64_t)FF_ENCRYPTION_INIT_INFO_EXTRA + info->system_id_size + info->data_size; + temp_side_data_size += (uint64_t)FF_ENCRYPTION_INIT_INFO_EXTRA + cur_info->system_id_size + cur_info->data_size; if (init_info_count == UINT32_MAX || temp_side_data_size > UINT32_MAX) { return NULL; } init_info_count++; - if (info->num_key_ids) { - temp_side_data_size += (uint64_t)info->num_key_ids * info->key_id_size; + if (cur_info->num_key_ids) { + temp_side_data_size += (uint64_t)cur_info->num_key_ids * cur_info->key_id_size; if (temp_side_data_size > UINT32_MAX) { return NULL; } -- 2.18.0.597.ga71716f1ad-goog