From patchwork Thu Jan 25 00:54:27 2024
X-Patchwork-Submitter: "Dai, Jianhui J"
X-Patchwork-Id: 45807
From: "Dai, Jianhui J"
To: "ffmpeg-devel@ffmpeg.org"
Date: Thu, 25 Jan 2024 00:54:27 +0000
Subject: [FFmpeg-devel] [PATCH v1] avcodec/cbs_vp8: Improve the bitstream position check

The VP8 compressed header may not be byte-aligned due to boolean coding. Use bitwise comparison to prevent the potential overread.

Signed-off-by: Jianhui Dai
--- libavcodec/cbs_vp8.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/cbs_vp8.c b/libavcodec/cbs_vp8.c index 065156c248..13acad3724 100644 --- a/libavcodec/cbs_vp8.c +++ b/libavcodec/cbs_vp8.c 
@@ -327,9 +327,10 @@ static int cbs_vp8_read_unit(CodedBitstreamContext *ctx, if (err < 0) return err; + // Position may not be byte-aligned after compressed header; using bits + // count comparison for accuracy. pos = get_bits_count(&gbc); - pos /= 8; - av_assert0(pos <= unit->data_size); + av_assert0(pos <= unit->data_size * 8); frame->data_ref = av_buffer_ref(unit->data_ref); if (!frame->data_ref)
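
Review bot: removing `pos /= 8;` leaves `pos` holding a bit count for the rest of cbs_vp8_read_unit, and the diffstat (3 insertions, 2 deletions) shows that no other line was adjusted, so any use of `pos` after the assert that expects a byte offset into the unit data would now be eight times too large. Please confirm the later uses of `pos`, or keep the bit count in a separate variable for the assert and derive the byte offset from it explicitly. A second point on the new `av_assert0(pos <= unit->data_size * 8);`: it runs after the header bits have already been consumed and aborts instead of returning, so it detects an overrun rather than preventing one as the commit message puts it. If this position can be influenced by stream contents, returning an error code, as the `if (err < 0) return err;` path just above does, would be the safer failure mode. The new comment would also read better as "compare bit counts" than "using bits count comparison for accuracy".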