From: Soft Works
To: "ffmpeg-devel@ffmpeg.org"
Date: Sun, 8 Aug 2021 01:42:22 +0000
Subject: [FFmpeg-devel] [PATCH v3] libavformat/asfdec: Fix regression bug when reading image attachments

Commit c8140fe7324f264faacf7395b27e12531d1f13f7 had introduced a check for value_len > UINT16_MAX. As a consequence, attached images of sizes larger than UINT16_MAX could no longer be read.

Signed-off-by: softworkz
--- libavformat/asfdec_f.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index ff6ddfb967..1be21bdf82 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -614,7 +614,7 @@ static int asf_read_metadata(AVFormatContext *s, int64_t size) value_type = avio_rl16(pb); /* value_type */ value_len = avio_rl32(pb); - if (value_len < 0 || value_len > UINT16_MAX) + if (value_len < 0 || value_len >= (INT_MAX - LEN) / 2) return AVERROR_INVALIDDATA; name_len_utf8 = 2*name_len_utf16 + 1;
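Review bot: The relaxed bound on value_len in asf_read_metadata() applies to every attribute, not only to the image attachments the commit message is about, so the accepted length for all value types goes from UINT16_MAX to just under `(INT_MAX - LEN) / 2`. Since value_type is read two lines above the check, consider keeping the UINT16_MAX limit for types that do not carry binary data and allowing the larger limit only for those that do. The function also receives the object's `size`; rejecting a value_len that exceeds what remains of it would tie the limit to the actual input rather than to a constant. Finally, neither the hunk nor the commit message says why the LEN term and the division by 2 are the right ceiling; a one-line comment next to the check stating which later computation it protects would make the bound reviewable.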