From patchwork Tue Aug 3 05:05:47 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Maryam Ebrahimzadeh
X-Patchwork-Id: 29213
From: maryam ebrahimzadeh
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 3 Aug 2021 01:05:47 -0400
X-Mailer: git-send-email 2.17.1
X-Microsoft-Original-Message-ID: <20210803050547.3749-1-me22bee@outlook.com>
Subject: [FFmpeg-devel] [PATCH v1 1/1] check and propagate function return value

From: maryam ebr

Hello, similar to CVE-2013-0868, a return value check for 'init_vlc' is needed here. Crafted DNxHD data can cause unspecified impact.

--- libavcodec/dnxhddec.c | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/libavcodec/dnxhddec.c b/libavcodec/dnxhddec.c index c3eca7becf..cdd9eed62a 100644 --- a/libavcodec/dnxhddec.c +++ b/libavcodec/dnxhddec.c @@ -112,6 +112,7 @@ static av_cold int dnxhd_decode_init(AVCodecContext *avctx) static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) { + int ret; if (cid != ctx->cid) { const CIDEntry *cid_table = ff_dnxhd_get_cid_table(cid); 
@@ -132,19 +133,25 @@ static int dnxhd_init_vlc(DNXHDContext *ctx, uint32_t cid, int bitdepth) ff_free_vlc(&ctx->dc_vlc); ff_free_vlc(&ctx->run_vlc); - init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, + if ((ret = init_vlc(&ctx->ac_vlc, DNXHD_VLC_BITS, 257, ctx->cid_table->ac_bits, 1, 1, - ctx->cid_table->ac_codes, 2, 2, 0); - init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, + ctx->cid_table->ac_codes, 2, 2, 0)) < 0) + goto out; + if ((ret = init_vlc(&ctx->dc_vlc, DNXHD_DC_VLC_BITS, bitdepth > 8 ? 14 : 12, ctx->cid_table->dc_bits, 1, 1, - ctx->cid_table->dc_codes, 1, 1, 0); - init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62, + ctx->cid_table->dc_codes, 1, 1, 0)) < 0) + goto out; + if ((ret = init_vlc(&ctx->run_vlc, DNXHD_VLC_BITS, 62, ctx->cid_table->run_bits, 1, 1, - ctx->cid_table->run_codes, 2, 2, 0); + ctx->cid_table->run_codes, 2, 2, 0)) < 0) + goto out; ctx->cid = cid; } - return 0; + ret = 0; +out: + av_log(ctx->avctx, AV_LOG_ERROR, "Corrupted, Problem in init_vlc"); + return ret; } static int dnxhd_get_profile(int cid)
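
Review bot: The 'out:' label at the end of dnxhd_init_vlc() is reached on the success path as well, because 'ret = 0;' falls straight through into the av_log() call. The AV_LOG_ERROR message is therefore printed on every call, including the case where cid == ctx->cid and nothing was rebuilt. Log only when ret < 0, for example by returning 0 directly on success and keeping the label for the three failure jumps. The message string is also missing its trailing "\n". Separately, on the failure path ctx->cid keeps its previous value even though dc_vlc and run_vlc were already released by ff_free_vlc() above, so a later call with that previous cid skips the 'if (cid != ctx->cid)' block and returns 0 without rebuilding the tables; consider invalidating ctx->cid before 'goto out' so the next call is forced to re-initialize.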