From patchwork Sat Aug 7 23:53:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Soft Works X-Patchwork-Id: 29338 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a6b:6c0f:0:0:0:0:0 with SMTP id a15csp1679523ioh; Sat, 7 Aug 2021 16:53:20 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxwchKW0raZRguU7WaoniH0xdcU9i0r1x0ST/gJJNvbupIrZ/UVVnAoab2shPKHhJ6xHtIu X-Received: by 2002:a05:6402:1514:: with SMTP id f20mr21301170edw.336.1628380400747; Sat, 07 Aug 2021 16:53:20 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id gr8si12517273ejb.484.2021.08.07.16.53.20; Sat, 07 Aug 2021 16:53:20 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@hotmail.com header.s=selector1 header.b=uGVosSnj; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hotmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 82C4B680831; Sun, 8 Aug 2021 02:53:17 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11olkn2096.outbound.protection.outlook.com [40.92.20.96]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E3B49680831 for ; Sun, 8 Aug 2021 02:53:10 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VA/pQJlSBBpOzuiId1RuqDZ5ZSZ4wjNFESbhg5kEGAMNHt0Vvy6Pcn3eUEsFCQjD+dWvKtPFn7j/Up9wz1vIcYNQ4f3/SQlScC1CoRQU7QMEtfsqiR9Hvo7p1VGMuVkczxs/y5pW0BE6g1qvDmlTqlnfmI0AsVJYxqMnRqTeyW2dggxvhyR+z6n1UDSEkEKSVUb7WEUUrvAL3DanjcZLSADxf5TI2Mmm1ycqazWDClnazjswRP9z0aasDvGZCJbiUwpmWuDHPJs2h9QotvC7RTlab8GNIHBCti70kZ6B3+DvbS4FUd2cHAGz2Ti9GawqTRaGoneHm4rVqGl3k4WWpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mwBOVe8sKAxbVfCHmoQBsah6RKMvbHa9Q/7WISCJQNI=; b=XgjyvISGbA5R/EaJNcwO9gPX4vdbMzSvbMjtR8MBUbv/mcQyMRFoLU6uEk7sYf6PKURDwhYboXTAY51XBhRWyQ8AIA0MTc+lofi4KABMEXtQKFtepZBxUCoAbAydGUiViIjcjqk0IPmTuO73w62TNyewCvenbHdHGLW3rdUxvAokWNdnAvAzbUbE5kq3x/hJeYByqr4fXaln3iQm5TmgJLznUvNqYQ+T1ffnpXjFj3y6/DclYTVPX5woAKFTz5qB0/Pc138AJHZxrwXwPwe7TgBlGQDlGrdFTF/RPaGNsAzdDFrwNtvEC5u2OfOqTtoDraxAW8Ak/d43/z8rfg5IXg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=mwBOVe8sKAxbVfCHmoQBsah6RKMvbHa9Q/7WISCJQNI=; b=uGVosSnjnbDPFCc8DNI4CBUQDH9Umgq6QKy4gsBqIn/Sfgi/Ntk2subEmJL41aOOBJq1Bfun2wG3ikOPyhv9B3YZk3ynvwdPiVWM7hfbYv2etwYCnfpwucyWCP6AnwQaCYQjN0kX3hQqQuEZzDzhPPfnqW67r8MSNTpoGyShcRfKevTPvm1huwyok7xluI5yiTSmQMKQ6y6knhjK/oKBVDF/l3WI0pv6R1beUszvoIw8OVw5aDwiZDvRO77RObsxJsZ4j1sRPb9jsEMsnCrJ/IzAmo11TEkX5WNplozMsWHxrlUh0zMaMFxvxVZYWtJuDhx4+C6G7SoC77akrIjPzA== Received: from MN2PR04MB5981.namprd04.prod.outlook.com (2603:10b6:208:da::10) by MN2PR04MB6238.namprd04.prod.outlook.com (2603:10b6:208:e4::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4394.16; Sat, 7 Aug 2021 23:53:09 +0000 Received: from MN2PR04MB5981.namprd04.prod.outlook.com ([fe80::5d83:1c26:c2b1:3a30]) by MN2PR04MB5981.namprd04.prod.outlook.com ([fe80::5d83:1c26:c2b1:3a30%6]) with mapi id 15.20.4394.021; Sat, 7 Aug 2021 23:53:09 +0000 From: Soft Works To: "ffmpeg-devel@ffmpeg.org" Thread-Topic: [PATCH v2] libavformat/asfdec: Fix regression bug when reading image attachments Thread-Index: AdeL5zQwSYFaDjRlTIe/bJ6VP1koCg== Date: Sat, 7 Aug 2021 23:53:08 +0000 Message-ID: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-messagesentrepresentingtype: 1 x-tmn: [C3LQMaoVY8IHKxqA2gK0PitNTz4TWDAt] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 461f0a46-f661-41f1-1948-08d959fe822e x-ms-traffictypediagnostic: MN2PR04MB6238: x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: RLMyAxJRzUCoN1cRLqXs8+2v9gAXJcajvxOM7v2LhtSbatLC8QIbgFoTvABqaoIeNZw4L5tS2HHkqurrmO9wdos6UbjslpdlcD14eVTpL/YjngLmgRv3JuAA2eLl1YxtgWOmKOfRi3mGXhW72JrPs7zlwylKNyVxikhJR8doyAhdwR7THZeUjvYx+lgCAPLJ6qU41mOrRsakG4VCRt04X6tLTu5hEnJ6hB9xgM8hnk9dNTu2qVFUpvmvedAirOypFyHOh4kjeVi5yPvciMvUBFMsVDJCFhhXXEPE2GMc/A/o1wrvVVuhrSkqHEUG4Y1imw5CaSUPke/Dv2mfVbsbAFWqa2E09TuFoVWqu4t3ciJn/gzvg+nZ+7t2P98zWFbNR5xQHZLAjAE8rsMkyItkIVydk7YmKIsC+HvK8IP/OM1zQHlwKCBXJnHA/C27Ehuy x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: muy6xa+O8bhxtCVumzSs5oGyiZ4ITe5u+FJzzmbwkw0qkfAAkuPnrTBoFq1lVXMKOeksESXPU0kZ2xPVwEz1JHJRuCJ9Moz87ft5Hu/5f5K8qzbdisITgzDA3uop29PgAl10dvl94NQ1qOpBFob+kw== x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: sct-15-20-3174-20-msonline-outlook-529c7.templateTenant X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR04MB5981.namprd04.prod.outlook.com X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-CrossTenant-Network-Message-Id: 461f0a46-f661-41f1-1948-08d959fe822e X-MS-Exchange-CrossTenant-originalarrivaltime: 07 Aug 2021 23:53:08.9360 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR04MB6238 Subject: [FFmpeg-devel] [PATCH v2] libavformat/asfdec: Fix regression bug when reading image attachments X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: XFOKL+9m3lM+ Commit c8140fe7324f264faacf7395b27e12531d1f13f7 had introduced a check for value_len > UINT16_MAX. As a consequence, attached images of sizes larger than UINT16_MAX could no longer be read. Signed-off-by: softworkz --- v2: Fix without changing variable type libavformat/asfdec_f.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c index ff6ddfb967..b9f3918495 100644 --- a/libavformat/asfdec_f.c +++ b/libavformat/asfdec_f.c @@ -614,7 +614,7 @@ static int asf_read_metadata(AVFormatContext *s, int64_t size) value_type = avio_rl16(pb); /* value_type */ value_len = avio_rl32(pb); - if (value_len < 0 || value_len > UINT16_MAX) + if (value_len < 0) return AVERROR_INVALIDDATA; name_len_utf8 = 2*name_len_utf16 + 1;