From patchwork Sat Nov 18 00:07:42 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Dale Curtis X-Patchwork-Id: 6150 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.161.94 with SMTP id m30csp1252335jah; Fri, 17 Nov 2017 16:08:12 -0800 (PST) X-Google-Smtp-Source: AGs4zMaYEsDvJsKt+ZCguGbpmJf30YVTssS+AZGCkFoBy1lHOCi5/WsjQU64J7iRNuSar1/OSESZ X-Received: by 10.28.20.141 with SMTP id 135mr5198369wmu.74.1510963692634; Fri, 17 Nov 2017 16:08:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1510963692; cv=none; d=google.com; s=arc-20160816; b=ZSIFRX7wlw3byevlQzTG6Ag9YkeG5iJZ9MQcsn15WAhT1ucIg3EB2fJlbqhLptrhsW cM7w2MnjxMlptxbzNbX96iSAW39wuJ/QrgyhL/KpOBDsUFxdkJbBh+Jvd+VXys7h0yoL C2qERQREHPeyvZlQiP2wJVwaeWxbb05u8xv3u7PuhhfCXoDITiNkalSbEF6Osxym+WUs HemLSURfTe1JDUKeI2C3PYyFIwLQ8pO+CNqL2+EtsI3AGBUodYzHBsRu3LtCCK8dt+6c v2URW8eIsDjy1QxkeVSf4N8amRPDMf6yXhXcXNQckZBD2eGdAeYA1apWgKYYOWCRQaFj T4Jg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject:to :message-id:date:from:mime-version:dkim-signature:dkim-signature :delivered-to:arc-authentication-results; bh=SoVSey1ZhuiGDlfBeiaL3My1SA61EdKDiuus7l0jQKQ=; b=H8re75a3fu2URKpW4Y6w6kJ81goLxjbMRF4py4CQtAc2bCvwSGokcl2Z7bANz8USYE 4xB9t4H0LKHu85S2/0OKf17D0sWSUUQMbt7/FUTCeKg/pfkcWBdtNUpQi18aeXaxsA45 lvk//d4/8y2xo20btnXLBzS+vr3ngSrpfy50zP+9GOqcHPOX18GHVd3unTHGbPXDJ6MZ 97/VpDYDBKq4V058NHNB0F1GngTO/vU13GoO2yx4nwHBlU1IcHYbHJG3AJC2X7zpBSGw GTb/Wpf3Nn4NZhwUGlUJ2lcxm6SpYWTMRXhdwvNOyL2NFrmRI2eT8uSzZ+3RphBPXj4J daGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b=tEiT8WCp; dkim=neutral (body hash did not verify) header.i=@chromium.org header.s=google header.b=AnQH/qpd; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id t15si3557228wrb.533.2017.11.17.16.08.12; Fri, 17 Nov 2017 16:08:12 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@google.com header.s=20161025 header.b=tEiT8WCp; dkim=neutral (body hash did not verify) header.i=@chromium.org header.s=google header.b=AnQH/qpd; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C6F92689A2A; Sat, 18 Nov 2017 02:07:54 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wr0-f176.google.com (mail-wr0-f176.google.com [209.85.128.176]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 170C8689957 for ; Sat, 18 Nov 2017 02:07:48 +0200 (EET) Received: by mail-wr0-f176.google.com with SMTP id o14so3438237wrf.9 for ; Fri, 17 Nov 2017 16:08:04 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:from:date:message-id:subject:to; bh=XcTaHisN3pWaaTwW8Ql2y0ZgAkuj/3bIkIFExAbF4ks=; b=tEiT8WCpHr9ionzDcDEZgqNTjhFXB5W90HYgkfH1ywEfaj+vlDVgP6mYR/1vQCKKkW sLw7mYgvJRgRc8aN+e4c34vfKIKBkSB+1QkdirrLVVPCeIGtpVNsqBoIpKvYysJVDbPe xAFp/DRsYq0hhZmz+7OKAYrzsXgAhDaxFK5mb6WYtA6C7GDg3X+VANk/6flie0oTa4bY e4/EJMaGgGJDOwrXh/Cz2V0pqVL1TO2TxoeBdo/I0vnN41v/4tZy3TeTjl7vnhxuO/5G RRFKO8knH+SLP57pElcQM/uzlk3EvzL7i98QO8l/bkXjbaCMsYVpuZgsYo6ZlCaPohCb Yweg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:from:date:message-id:subject:to; bh=XcTaHisN3pWaaTwW8Ql2y0ZgAkuj/3bIkIFExAbF4ks=; b=AnQH/qpdJ3CC9KOKXWYpiy88jwMHuqf2HQavi/AFp06oiklO/PVO9ZhOl5+bNDOkbJ hOqVgv3iPKDpovNklCDAi2xTBUUwg4p2a9rWn3lI+cfFJQSYJz+ALdGEBWw+Nwembo2O 3rxIfBXqnbtREucm741FBTuddRMpEG+xL/zmg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:from:date:message-id:subject :to; bh=XcTaHisN3pWaaTwW8Ql2y0ZgAkuj/3bIkIFExAbF4ks=; b=G/hlDoWxedbQgFkMmr3bVcMwcOoyQ6C4AQGepAnKteKMOQsGd4/ff69UUjEx+rXjld XbadlFl6erWE/xl100G4VKazoeJRnhNIIND8+fuuv2DjfaCBs3qnEpGC2Zu81Xz4azBZ H8Y0OYPN47TWzDEevAQiinLTXFqgiLDOKroV24UG1bHCRkejbO8Fc0PGwsI5p1y1H5HK 5d7P8sFuSncMjEfw/2ncIAyje+vtM4VuuYWcSLv7MSELZXWMGwlPphlINTXtvot97s9Z ngqCEe0YNhbLpe+u0qud3grI7h+wEbMHmi3pyO9NwjQUaqmFOL497mnyS8kW/aqPZCrN 6ahA== X-Gm-Message-State: AJaThX4VF7Ho8xbqbVYMm61AWQgEi6xpLVmUy1snw97z2iNuF0JRmS9y hpKMrFEXzdhaDrQ4IXKXKgGIMY7lMKibd/ZPc7XksCUlfgg= X-Received: by 10.223.166.235 with SMTP id t98mr5612633wrc.251.1510963683344; Fri, 17 Nov 2017 16:08:03 -0800 (PST) MIME-Version: 1.0 Received: by 10.28.161.4 with HTTP; Fri, 17 Nov 2017 16:07:42 -0800 (PST) From: Dale Curtis Date: Fri, 17 Nov 2017 16:07:42 -0800 X-Google-Sender-Auth: d8jEGnqCPQ89QzL728vmUC6N1n4 Message-ID: To: FFmpeg development discussions and patches X-Content-Filtered-By: Mailman/MimeDel 2.1.20 Subject: [FFmpeg-devel] [mpeg4video] Fix undefined shift on assumed 8-bit input. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" decode_user_data() attempts to create an integer |build| value with 8 bits of spacing for 3 components. However each component is an int32_t, so shifting each component is undefined for values outside of the 8 bit range. This patch simply clamps input to 8-bits per component. Signed-off-by: Dale Curtis From 0373fed23fb495161267607230e99c8ed36e444a Mon Sep 17 00:00:00 2001 From: Dale Curtis Date: Fri, 17 Nov 2017 16:05:30 -0800 Subject: [PATCH] [mpeg4video] Fix undefined shift on assumed 8-bit input. decode_user_data() attempts to create an integer |build| value with 8 bits of spacing for 3 components. However each component is an int32_t, so shifting each component is undefined for values outside of the 8 bit range. This patch simply clamps input to 8-bits per component. Signed-off-by: Dale Curtis --- libavcodec/mpeg4videodec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 76247c3b8c..93fa1d9973 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c @@ -2154,7 +2154,7 @@ static int decode_user_data(Mpeg4DecContext *ctx, GetBitContext *gb) if (e != 4) { e = sscanf(buf, "Lavc%d.%d.%d", &ver, &ver2, &ver3) + 1; if (e > 1) - build = (ver << 16) + (ver2 << 8) + ver3; + build = ((ver & 0xFF) << 16) + ((ver2 & 0xFF) << 8) + (ver3 & 0xFF); } if (e != 4) { if (strcmp(buf, "ffmpeg") == 0) -- 2.15.0.448.gf294e3d99a-goog