From patchwork Mon Aug 30 03:56:49 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Maryam Ebrahimzadeh X-Patchwork-Id: 29865 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp3598613iov; Sun, 29 Aug 2021 20:57:16 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwykbJtVbKRC6o3Jl3splZVK1eW6l1a/8XbiET1PgS517Bb6o8V069hYooKkT760WcLG48Q X-Received: by 2002:a17:907:a072:: with SMTP id ia18mr15595419ejc.362.1630295836128; Sun, 29 Aug 2021 20:57:16 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id f1si13984526edr.312.2021.08.29.20.57.15; Sun, 29 Aug 2021 20:57:16 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@outlook.com header.s=selector1 header.b=iCMIzYXz; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3D5DE68998C; Mon, 30 Aug 2021 06:57:11 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05olkn2040.outbound.protection.outlook.com [40.92.89.40]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1F5FF68054B for ; Mon, 30 Aug 2021 06:57:04 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=mImIfGv14OsDwgCMnauzt/bsRMIPIVoTT0QihidVLGTwq0jmPcIy3Pq0cNtutzjhywZdK6sRrm/sgeCazEwpAq9XqcRXcC7ui9puZ5gPhqSYKduwi4mxvfGGbxRWma6gChXjqDrdnmQIFicyFLP8ayQkJHbNOYLq0+Xf5ed5y6/jw0rOPv5as0BplfCb5I3VWqFM3cJ+GfgtmH77BoOklzWz5x7k9SnDcWQ+3W0LpJkgiJwmU2u3u8BjvgKAUKRAzIOy4mXwLDjj3uIEJCEpBih7lVVze1MgVbg6oxOcLgs3mHgFjBn0qy+6eLDvfSZB4FOdJ6JG10kGWZqHAAwPZg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cED04yq9ARRR1ItTNJgGESepAufuXt6zW2nb8z6pOig=; b=H+v87psE9b9WXppVWRAqhYppUWGTDEwdnyKT5OIxTWwIEXMSk1xuZdSiBbpW+0EwsFXPVQ48C3AgOjZ9sKtyA5jcX7YatHGAc/l7N8CWp5LS0S1XNxPL+dNnUk+Jc58Np7AUhMqiEipcct23da9cKO5TJS6N/+VtVjrXwJ8dYTbVJWaZKY5GVVP7ahE/P1XQH5FJ8jDaamA4WO0TsSIgC9zcMoBg+TlnTPD3iiWcChDcAs0pLzwe3SS1ZUi8FsC3tToKBxYkVIPXTyips4XNmH/CbZ81RPBVqNLQBKeY74iFWB/OHwRP6Y07Qj+wTJt5Fm/zfWbYd8QuX08ZCOdA7A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cED04yq9ARRR1ItTNJgGESepAufuXt6zW2nb8z6pOig=; b=iCMIzYXzCrxDgoAO4AQCCWAq48e4VDKqNMPx4cI8ch+pWIPPZqtll75zccuEh6HHpOZeXAhLmC17ibfI3lCvFMWH3BFb9/rI8VSH0KQSRew8GPeJ5Ry2Sn5JSUHZ9MiRu0tJvDbBgj11wvhhC/oa8vi78E2fOxox3eQt6e4odHKdcJ7tdAnxkdQfodYrOctYC8MJnwcYgzY58k27ALKawUMydFdAP/mj203zTt31TNyLtUHTDbu+DRPd/zaryWiW1sMbd7TfDKKYXMqxZtcJ0GZA7OD/B7GhwfDzTa3y3qok9wIcY6oKiCRsvcPlvcx/BxX38/jqN9C1oR8K49/ggQ== Received: from DB8EUR05FT054.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc0f::44) by DB8EUR05HT085.eop-eur05.prod.protection.outlook.com (2a01:111:e400:fc0f::102) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.17; Mon, 30 Aug 2021 03:57:01 +0000 Received: from PAXP193MB1262.EURP193.PROD.OUTLOOK.COM (2a01:111:e400:fc0f::4b) by DB8EUR05FT054.mail.protection.outlook.com (2a01:111:e400:fc0f::111) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.17 via Frontend Transport; Mon, 30 Aug 2021 03:57:01 +0000 X-IncomingTopHeaderMarker: OriginalChecksum:CC3B628B9787FBAC9E8D5EE68710117590E23D350154B039C7954D331ACC919E; UpperCasedChecksum:9EDCCAC0C09D174550550FC40CF01C217EB9140D504CBF4F11E43502078CB627; SizeAsReceived:7179; Count:43 Received: from PAXP193MB1262.EURP193.PROD.OUTLOOK.COM ([fe80::6c91:6298:dcbf:4a3b]) by PAXP193MB1262.EURP193.PROD.OUTLOOK.COM ([fe80::6c91:6298:dcbf:4a3b%5]) with mapi id 15.20.4457.024; Mon, 30 Aug 2021 03:57:01 +0000 From: maryam ebrahimzadeh To: ffmpeg-devel@ffmpeg.org Date: Sun, 29 Aug 2021 23:56:49 -0400 Message-ID: X-Mailer: git-send-email 2.17.1 X-TMN: [LoTxJuhPQm/HaCl3XatGce4N2lydOa6U] X-ClientProxiedBy: PR3P191CA0005.EURP191.PROD.OUTLOOK.COM (2603:10a6:102:54::10) To PAXP193MB1262.EURP193.PROD.OUTLOOK.COM (2603:10a6:102:dc::5) X-Microsoft-Original-Message-ID: <20210830035649.2299-1-me22bee@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 Received: from localhost.localdomain (2.191.135.98) by PR3P191CA0005.EURP191.PROD.OUTLOOK.COM (2603:10a6:102:54::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4457.17 via Frontend Transport; Mon, 30 Aug 2021 03:57:00 +0000 X-MS-PublicTrafficType: Email X-IncomingHeaderCount: 43 X-EOPAttributedMessage: 0 X-MS-Office365-Filtering-Correlation-Id: 9621b0bf-f684-41b7-da68-08d96b6a38bd X-MS-TrafficTypeDiagnostic: DB8EUR05HT085: X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: lJDNfDrb/cnYrT5OTYNKBYJndb12skebLXQWVK4ESvh/BPNW/ZJS1ATUJWFlOeBMu+cOdfORdn+9QVFPKZIdKdQePtyyPnYNZXwg+VQXl3r2UMtWv7YcJX5NgUT2EgL0ZOUEteCuz4VzFqXdMGPUdfFR/8/wYhfDxdbUgFSNyfju1IK80VqT8x/fA1HWpKdmPrHAtd//epQEUiVUie1+1nPGX+vSKQMeOEfBc9j2iY6pUZLAZwwfKwZ5Af3gRN3gYVJ1HO6sHJJpT7bxWe3fsbCODxXVL3TKQ7NOt43ZNp7/yHvXS0fp7gmify2ywq9QIq4tlzWTJVe/pqfMijzf8ucJoVvdJcpGclzObW/WJbRtZj2mvflXfhWp9xrEFWYDlZzSYW+/kw5b6GLj4VECyXEa5x3ElOLvsxAIfbT6muz2uGokA+9/JZV/PwH9cW4J X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: JFIY40IHkpx42Da5gR6mzlwsPVevLhtU7vYHS11/fAQVEckQc8m239CtQpyCKxvnKn1lj8cRTCgiaXaeihy44RIKqi6fy8JO4b4zDp7flTS0cKWI4CIP32oEoJpe0tnT3SYQy+hjos0jE4EuZpb/hg== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9621b0bf-f684-41b7-da68-08d96b6a38bd X-MS-Exchange-CrossTenant-OriginalArrivalTime: 30 Aug 2021 03:57:01.6051 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-AuthSource: DB8EUR05FT054.eop-eur05.prod.protection.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: Internet X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB8EUR05HT085 Subject: [FFmpeg-devel] [PATCH v1 1/1] avcodec/vble: Return value check for init_get_bits X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: ojrlY+g3XZxW avcodec/vble: Return value check for init_get_bits Similar to CVE-2021-38171 as the second argument for init_get_bits() can be crafted, a return value check for this function call is necessary. Also replace init_get_bits with init_get_bits8. --- libavcodec/vble.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/libavcodec/vble.c b/libavcodec/vble.c index f1400959e0..041a203fe9 100644 --- a/libavcodec/vble.c +++ b/libavcodec/vble.c @@ -146,7 +146,9 @@ static int vble_decode_frame(AVCodecContext *avctx, void *data, int *got_frame, if (version != 1) av_log(avctx, AV_LOG_WARNING, "Unsupported VBLE Version: %d\n", version); - init_get_bits(&gb, src + 4, (avpkt->size - 4) * 8); + ret = init_get_bits8(&gb, src + 4, avpkt->size - 4); + if (ret < 0) + return ret; /* Unpack */ if (vble_unpack(ctx, &gb) < 0) {