From patchwork Fri Feb  9 11:16:31 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nuo Mi <nuomi2021@gmail.com>
X-Patchwork-Id: 46131
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a21:a586:b0:19e:8a94:b663 with SMTP id gd6csp858181pzc;
        Fri, 9 Feb 2024 03:17:15 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCVGWYciAMFpQt75BTynjfonaJpAovPdBn/tXfhqf55CY27CRJPoazcFbxofsJzN+xNeBMDJ9ojvwOxkK/BEyqiMXlK7XwqVIlaYZg==
X-Google-Smtp-Source: 
 AGHT+IE/ld8GKZexpOF+UrbcfYShW7P+OfSYuIEd1/TWix7gQqBqxNGrK0Dx/a9WejYPsQ9ECyVS
X-Received: by 2002:a2e:9d8b:0:b0:2cd:fb0e:1f68 with SMTP id
 c11-20020a2e9d8b000000b002cdfb0e1f68mr879852ljj.5.1707477434787;
        Fri, 09 Feb 2024 03:17:14 -0800 (PST)
X-Forwarded-Encrypted: i=2;
 AJvYcCWN9sKWdfse6XkKcdq3Kt+M1FVwaq8BiIOBleFfWIR58zPW53Vic1+P1bUCxbNp7epD99MXfKe2nKCaMHl98XhWEreQhm69+B8kxfKQTdU18oiNunBJK/XFpkxx//CTkpSML9Y/aYfGMcJ7xkKPJVff6kATuwzu4YM7pK86RjdxGgr2ezRtnqg5Gv4j6ThVMG7OHyoqQaR6rNB56xtzt1NzdM7D28AzBtIlqg3ji8xNhBgN2xnjGBSGIIjqqLF5BK4i60y3n3xAUcGRtZciZKthP/1SseTTAzzV1+8abitnlNEtRcydT7h0w/Ewg5Fs2hFtRV2HVUU/a8V2qWgnzSucHLe/YEP/VrIiJvVZLFqI7e/bhwG4v/JTI62CzIMeBOBjN+Cum/0XwM8ICg8we86sUqIAUJ1y8E0FFK9Iy5vzCMWsAmv9163fJiZue8/+ozHxi3oJA12DurN5wQmK9Ut8umaApxqkOwW0VymTE8RAFebbdSbLDYOP/d7gXrzhg9IFvNbfsYb21aLAKYEgrrWvdeJIIX4JJMFgRl+K70skz55fw6HssPmB+D3+G1jdc8w8rMYZ0Fx9LplCsQWftc9TOUu4i3DiUld37i62negxcDOJo8bpzG1y0Hum4SM4j3vD3DEbYjOgp1pR3vZKd9cH50xGYWTvVRgn6UxL79lePNOBPjdCear03MTqxZmzEJq+C4r8peyVYPQr20sLrP4O3QiZ5FaG2DWefCHuD0mAxrZkmyTctVxi4Dkm4RGWaPhEfcjXXLkTaqZ5Tv5a+WX+IsUzenYPzkul0Fyh83RrqcgfDe4r9HtoD8YWSJ/O3J3cAHZ4rT/6Wpx1JuxV4TdPKd2OiAQ2T9W6dSAwUtPy7wwe8qozM/y3YA6aGRm4frebc5hVf07SPcI5jB48gBK4C6iggR5MfppccaLNvOVHKF3WBuK+aFtqglSu0ch9u3Q4Cl
 UVsfGNkAx3qdy03eBraU34ZLQtX63dxZChe/GGXWYFS4EvRRTkD55+N6ukvT1HEI9TJJ9Ow9y+cI90KCAwnPr1k0iDX3QmiEOQHTKJU1yQLCas6cun9Taiv3fuR9RgFGvOILZKNbl1UYpReH0PBbKNTGpa3Gi0qtnQrKzzI76gYvzi+Q1foSHfCVvd8uIWFB4ELpeCoFVMUbafl5IMqZOFy2Xp+A5oIV3BAD/0Hig/zV9B3/PNF0e8qzQuXXNsIQyGM6z3wjknAIYnFYlo4QHu5nFxostAxRgI7Xg0bD38hsyUpn+rjN6jR2d6FvLRzyiOzJcw00j2O96h3dpksGpslSr2SrOWEDcf9AcQeSbzhEqKnSN7DjmRvawgc9F7XWI5xqEZOHMSqhhcxBuCjYbq5uoK1wD+wrsACHSL4Cj5Fr/MovwOLtEb3sHZ+URfYT6k/G08H0jTgkHsBGWZYajtNgdezvWN612LqoRWKwXUX1SU9gKhEyp6gdVLevYDP32sX5xhLSRQaUrBFV30HR9bFdCp8Mz6s0meWTqNTJbs5Lt27ULkBe5aiP6eZcHK/wo162YlgQQLtP45g1bfimxAHufNNA==
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 f21-20020a170906561500b00a3bdb676eb0si680452ejq.981.2024.02.09.03.17.14;
        Fri, 09 Feb 2024 03:17:14 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@outlook.com
 header.s=selector1 header.b=FuWwpmhX;
       arc=fail (body hash mismatch);
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2F00168D13F;
	Fri,  9 Feb 2024 13:17:08 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from APC01-PSA-obe.outbound.protection.outlook.com
 (mail-psaapc01olkn2022.outbound.protection.outlook.com [40.92.52.22])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C8A7B68D0F5
 for <ffmpeg-devel@ffmpeg.org>; Fri,  9 Feb 2024 13:17:00 +0200 (EET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=gGhW4aLJQ33bOtpEKg/xorm87U3q3t+Ue90i+8JV8zVACSK+qeEpz9b34N99TKydymJXGUI/JRRUXKZEHGvbHhFJIanSSIAdrBn6LBiVFX6uyaa5vY03j8x06IZG1JnmVXfsjPg/J3dglfnJKEPDv1nafPcuRuCIt0rQPxFW3sSOT8cK8mAM7Wchhbct9zUH9ceN4I61mlIx93q+3DkmycH+X11VXK5MKh63MmRC64SRFgclqUR+FLuvDsckMouldJn2qiYY6U2c4PGjqfrJPJulza8bxq85uIfWucfbfhfVf37jr+PdwUk5c4cEFxLtINS4unV1TuCxKKVRW6+gYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=/ly0u1OxvihW/vplxiYgZjCy96xynEGrXlJxU7DuNeE=;
 b=P9x5xL8v7YQ9XHjTZIzqCr5fTc1GgUVWztGjk4Sjw6YB6gNSJzRudui/2IB4/J4tu3jzJGDiMXJP6X7dfavqPpYAKAu2VXPZoEJ3uXto2VbrlrprNwsQllwz+rehCSTzGFKmiJ2bMA2z+eRadjQ2L/hsZK5z8ytkFHy3KnbXIv2L6HgobCXj7/Q7L6u7DfIyeUtl2gESXZRXDy2EgH9KGLTyLWyuM7MlAbzfxM9jkPtQw3AAkyXOC+qrTpsfUPNlb9IWcxN9x7GmhUKlQbDAgzVMI+Xa/w99cxopaEWHlPLVEfoqFAJIKMbWxdDrq3ow/kw7FPIqPj4u2E9j6VodKg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=/ly0u1OxvihW/vplxiYgZjCy96xynEGrXlJxU7DuNeE=;
 b=FuWwpmhX6206dTdc6oxnv7LwjYErcDHnL2yymTLv47ulyZxdsKjDyi94tJM/5XzTe2SfU/xeHc0zvqk/w0F6B6fWJ+BaXRIccspYs2HPEmZVK0GNSPsMMaCTE74vI1cNDOyV4kdNTGBnPS+HsCNTCi+q12dASKOuXz52QQQ+7y9aj8LvncByyVvygEVpmsafYyG6lQOJYT8CeLd4AVCB6RrurHCtPs6p5wVlZqsc7UfayzVEdyFLEtFJ4F79jT9VROw4+1123JUmjSSF67X81Bsz9Q7z6Bdh/nYY4RCF42w6IIyUVfRhxOGpJjLgB2NTrE9zMsPVXAVg4INfUQohZQ==
Received: from KL1PR06MB6426.apcprd06.prod.outlook.com (2603:1096:820:f7::5)
 by KL1PR06MB6944.apcprd06.prod.outlook.com (2603:1096:820:125::7) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.26; Fri, 9 Feb
 2024 11:16:51 +0000
Received: from KL1PR06MB6426.apcprd06.prod.outlook.com
 ([fe80::3e72:c290:f9b2:7be4]) by KL1PR06MB6426.apcprd06.prod.outlook.com
 ([fe80::3e72:c290:f9b2:7be4%4]) with mapi id 15.20.7249.039; Fri, 9 Feb 2024
 11:16:51 +0000
From: Nuo Mi <nuomi2021@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Fri,  9 Feb 2024 19:16:31 +0800
Message-ID: 
 <KL1PR06MB642639BF0652FE74BD52A759AA4B2@KL1PR06MB6426.apcprd06.prod.outlook.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240209111631.6026-1-nuomi2021@gmail.com>
References: <20240209111631.6026-1-nuomi2021@gmail.com>
X-TMN: [6Gb6tdDcOsIIGJfoq/u7h/PHjN1VP+ir]
X-ClientProxiedBy: TY2PR06CA0017.apcprd06.prod.outlook.com
 (2603:1096:404:42::29) To KL1PR06MB6426.apcprd06.prod.outlook.com
 (2603:1096:820:f7::5)
X-Microsoft-Original-Message-ID: <20240209111631.6026-2-nuomi2021@gmail.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 2
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: KL1PR06MB6426:EE_|KL1PR06MB6944:EE_
X-MS-Office365-Filtering-Correlation-Id: 3c0e23fe-cba5-40e3-4a95-08dc29609d0a
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 
 hVVJAF4YufDU2mtqRti5KTOa7F9CSIgQcH5JP7SwXVm3ZPRGTLn06FaGgTr6yC8tW4oXRizrLBL6uqJ4zGHZ/V5v7PfZqXNYDqPXxzI1FinmKPXrEZmxK8bhSJgR2lM6EO4btrGpGT8wGWNbJXTz7MEBR03KJberQidD9cgxMLkRfI2MwvUdGZqwZ1bXSCa9iQ1+0G634ms4uDFyD6geIWmpKgC+EiNb+9DLo/wuCbGav8oXEjW5xmTER6xfzzTPxrmxyeLFuICHcf28iT2ASHdNYiN38M50eC2WQSJt8uRdIpqm7pb/TYJzzmBu8ji/ezuyv3LFCvd+PX6+tINAx+HxBnfhtARyVJO/UMkbHqzB0CHQg8sb1DoovqWFRQl2ag2m4+SUZM2K0wPf3JgJ5fhldsbrPbuorlNH/Lz1aeG2EvdrvlkFBwlW11OOQZbXJ+YtVX9UB1z522/SQ8apxCdEAp8XaepE+V9lMIXyBtNu8CgHK85f+Xa9MjXhvW/NetebNFmHulaQ2TQvfbeSq/XuOLjKDh2KmvVaHMii2oaLwg/KNHX8M1L7yx5WEUwn33yDYtDMpYlAMDR/yus+jf2Aom+frUzkBGjQLr2+b0xb//TTA4Tek4GeTvvjVRBs
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 ciI6VewNRZLbngel7sUPuRtj1dL4ha6Rgscjnv4TjZC0z+8ECUPGqjaBRF9gyPM8B6dXIcd1YfV9XHjO/JZ96LfTIjJc83wGqqqGvHPMQiqeTAxjtR/sYgpUomZxVU1SD8EgcVumCn/ujwUqXY1qU3R+lBvGAAFg4LBAJsR3yx7VlBqDvLGZxXu2xY0u5P5KMMWkwjsuASExmfrUtPXfmMaDQFUIM/5KhTwFN+UMTLcar7CJJ95236jMtRhGi+WMEiKTRkXEVHo/r+OxqzL9D1z99uACMMfqVIqoGCQWGO6HU6lJnYQ4NXffCQR+cKyos29t2fdNtkPfeLm48h+K0k2CtqOy9zPPsBhKZVVMVRZnpADUiMNXq3TAqveazJLU99JiWKPZ6X/7taB4uyJ6QPkzCN/SeLkHyt3wiYa/dJB1fU/jd8tJGdYxJVPF9WlntDS59xUb/29jvqj9gAhjuZSFSvbvpNwZ07dvTnSHMhDvckIyINhYpukBBBISeCZi+zhl6pwIFizjVDLUcenbTv0hzQsOd66GeSXAj51UHCUUw0cIPY7KEfaRs5DVtUWoUnkCoRtWchB4LOqsuLcA0YOecm6CW6kfGZbVMwphgBuZ9vjDhfib9T/MJ1608Fm+y7kRETt78R3sivcz/ej57mbrGjKrQgxHigbjb9WA62sWt+oF+/T5x5t6kUe0JZ3TeB4AZQcE5Xplq5pAz5MzD4iO2HlpNkiToGWirbdyinFZeMvCHBeN8mCfiw4ToAS8dCTJk4sPQWYWQouprUzZmHkUXVMDD1NgatditJVlWnU0DiJlNv1+0WimahZOKi4r0WLMvcxLDFaEEKgcptoFiu2I6FlWf5JYRyI8ZsdL/n8ubedtv5gLFE21CYk1Lkf8j2J9kSSzYbG+4hP8sZyWJWKPQWuzBpfJ1E4va30rUs0tCkFt2ZuwSgGBYYsQrhbltpouiOalk316nmVlYsP823RHFfY1BAZUZDsZcgszWxdaha4vTSQ55DvxE1PbE4NTfc63po2JRO3r6yN0ooZgF0OjUqSy9KIUmFOMcvLPgdZsGG4ChDRJ2wrxWj3fLI8X+D1dcRnF04iQHoCp57V/jizv4VElMTi5zJqFa9KOyizyhnTmF3wDea3OG5uSaXa6orVvvZ48Oua1rSQZ1rGep0W6AFGjhyNbIkS34xxTChu0YUQwwubv6OFtHJ0P3up024rzh8IuGuZCxxLsyo2HI4uPqjzaNydAs6gFd2tVCQd+c9ABiqzqD/EOLjFMvPPuSeWYc5yb0Pn3JQCtnZaRnw==
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 3c0e23fe-cba5-40e3-4a95-08dc29609d0a
X-MS-Exchange-CrossTenant-AuthSource: KL1PR06MB6426.apcprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2024 11:16:51.0786 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR06MB6944
Subject: [FFmpeg-devel] [PATCH v2 2/2] avcodec/hevc_mp4toannexb: check bytes
 left for nalu_len
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Nuo Mi <nuomi2021@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: eFh9s3sZ2zxU

similar issue as in the previous commit
---
 libavcodec/bsf/hevc_mp4toannexb.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/libavcodec/bsf/hevc_mp4toannexb.c b/libavcodec/bsf/hevc_mp4toannexb.c
index d91229a895..8eec18f31e 100644
--- a/libavcodec/bsf/hevc_mp4toannexb.c
+++ b/libavcodec/bsf/hevc_mp4toannexb.c
@@ -65,9 +65,11 @@ static int hevc_extradata_to_annexb(AVBSFContext *ctx)
         }
 
         for (j = 0; j < cnt; j++) {
-            int nalu_len = bytestream2_get_be16(&gb);
+            const int nalu_len = bytestream2_get_be16(&gb);
 
-            if (4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > SIZE_MAX - new_extradata_size) {
+            if (!nalu_len ||
+                nalu_len > bytestream2_get_bytes_left(&gb) ||
+                4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > SIZE_MAX - new_extradata_size) {
                 ret = AVERROR_INVALIDDATA;
                 goto fail;
             }