From patchwork Thu Feb 8 15:27:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nuo Mi X-Patchwork-Id: 46114 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:a586:b0:19e:8a94:b663 with SMTP id gd6csp339849pzc; Thu, 8 Feb 2024 07:27:55 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCX9/u+w1wDK4KLLBNtIC/J/7xanb+D16++MM99xBnio5kKvtU/lM1s9kMA+GVYwQzBMMak6Jwj6z0sCdliSKDqRF7ExxfT4lu6Ajg== X-Google-Smtp-Source: AGHT+IEiGdn/QVawPHr7kf+ed1zau+P8X+n8rsv+BQXjp8qfsUkimC9Ivjb7Tm3z2EOuUCyrMBWT X-Received: by 2002:a17:906:f117:b0:a38:20ed:e07a with SMTP id gv23-20020a170906f11700b00a3820ede07amr5761473ejb.3.1707406075552; Thu, 08 Feb 2024 07:27:55 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCXr7LLOgvD2XB5y1JjUhOHhMwmwD12TSGpftuTin/YkImFgkgeWKSWp1Lc+OI+HF/PcIlHEWZd8p1KWiat0/6bFl7gq8a1iG6TMJQB/8cmUQsCDe6rAp7Detr0JL8ov+HLz3Z+8f8Y13mSpGcW44g9B9tJt0S5+zZDvWbhiYNII/GTL/P+57sQPPqGcmHGj0RndcbAoSYbFJzx2e9uFDbPhmEb+3G+gxfSeUNtOEGMQxDphlOzRTLIbYVgn/SeYyfwvt2AtynxoxfkQS2WNJW0460mWD69IUot7zpv9pg9XOZsRVRG+TgMk4rSSms0nKeigQmCfmJ6yIAq426mDbDSxsADJmBS8tURFyMo/pUQBOnDLUHONoaCZZ51dF+l2QnJn/ESuzRZjrWyhpTP0xWZtUu83jheB8DPb7ATxH90B81HpoFvWvYlp2HdtrRmrOgsyZBpEudbXbL3HNoTqwiURUL+ZSGPvuwD+c9PX+FgRzEtWl+yNqtX4niZyrVpb9fprgG0uOJwE9dH3MLrS/iIqUOdBxqt8wSMO3tQBza+/ejXRUSPoZwHPI/0h9XTiQcmEnP3TN+egjSp5KgPgwTj0LA3dKv0dfGuQ5LjQVrFTC6flyPrq2CktUq4S6R65tq/ZqPDmckYVC6umFdEk61ch0GdhK/PiCGSU9rR+Nh1t2c7H4Tfly3neQ1PavLZO62aOAS0uwLadHY8ziT6WzJ1gfWx7x7URfOOYBi06QpmOz4cTT5ioOiYqIKOQZuIHJUHFILqBKQSvXHce4ZU2QAnh2KWKT0dtLjnTzG4MAsT51InN59xQLmpM4XVe9DSn/v3uIhyPDIpEIS0MUPPFHIMRwPivPCAihov674AFJQn6iasY+ioD8VReerAHriK4KHZQggVjOXCstx5p/RL5pmbf5dw2qC2xfLr+d76H+cJrVU0cglD31oRKLEPBjFvYs39LK2 MMd4d+o+1uD6Jo+rGGCRK4knXrJMxplcYQmM/OB7k80gYhs4ZMYyf70heOHLi9JUWC0XlKeyZvnehkUbjDYa+bmVuuXSkR7+iMKffh86ltmavyyrzaAgob5gZGmVCNdQUBLPlcLEcRqS9DTN6EVp8CA8p+ykVTQF625gZmahSAUJs9bNPAj3UftttjvAqz31xISjlB/Sogu3jt8/v53Nkd5jpEqC5640/5398Ftj4P3V48yk/wwwL6XrUsVm+zDAS27yW7NbMW8qWQ+uJ7VsbwUHSszbMyh4HbJwIyJYCmvJ+51H1THQiB6MDEb5t8qI19DC1edRXdgt0488qBdpoXOgmbKwd9SDixCcGC2OihB9Gq8IlF7ZM+0liozJ0X2t+lx0/h8LrLTer1Xf7rzgspfSPPk5z3h9biJfq/wh0XlrY+bSxzu5nHvunAagjNpB8KC8SDOAXc1bRj01lwa3bG2ObGXx35+QIMILl2UrxN3AsBaeYXNbh3HIa5+6gRo7N5JyZ74D4oxxM2/uQoFhC6zO1rPIBBs+ivMehAcvzJpX6zk7WRiwYC9aXdu4TqjJuIZ9263G07EnAaCm3ZTxSqlDAGQg== Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id lu16-20020a170906fad000b00a3bb0338464si135419ejb.1038.2024.02.08.07.27.55; Thu, 08 Feb 2024 07:27:55 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@outlook.com header.s=selector1 header.b=So8mvlvg; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3997D68D147; Thu, 8 Feb 2024 17:27:52 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from APC01-TYZ-obe.outbound.protection.outlook.com (mail-tyzapc01olkn2104.outbound.protection.outlook.com [40.92.107.104]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 152E468C338 for ; Thu, 8 Feb 2024 17:27:45 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QW1lnTeWYzCR08/8qFYkxCyiqF6zrb/fnq25nU2Z+0WbEXLFjw4eaty9nmdSwCp6xwE5JIAHB3JuBdwUxG2i6GfZP0/FCPN3VV5CsEla5ROa1MQq/z1Llo3/6Sh32aBJ33qsAMlHhg7xq7ayDWiVBoRuXab7evNupoHhMUWK5iXdkTy0ltN9Ikwd4jfoJXW+bcLwTB0trDcSP0trlZonwP9Ux1rBu4xxPeCIx07TpgXp5x2gyDgI//1Nf5hvksm044AU/xib0+1iO4+g2w2+M/v3G174M2fZX6OIUM+/Iy89pFNes1pE35uPw8qTGW3eaaa5EtBG3pqRjoHBo3PiAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=OMfFHDxttik/ZJFPp14NXIahB3Wj4RwuPb9r9o1hkP4=; b=JjpgEQMOldEiVkKabwd9DplLjjmOgOHrBl56oo+fIM/D7cP7Yujn91KPXeJYGr5g9n4RtSn+iE01drillE8/rdCw9724Fl13/PNNy0qjkD+i7qvlubctY/WOQlpALvd2GaXiMUMO9cXkbAz+ckEp+uJxOxgpSb8pNwVf4GhUi62gwrfxD/aJSkRGIzK7g/nBRwy4SHA4ftRyKFuYgmOwigELiJZJff+dlAA53mv0TOTPz2ic/GSJTOgq1T1Vgo/+MeI37fp+d54L/N741Z6eQC7k9k1pLj1QMjsQ2j5UbwrGU4TWva2VPawKOS9iE+SbuZn91Hx9x/wSW4wZ+f59Jw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=OMfFHDxttik/ZJFPp14NXIahB3Wj4RwuPb9r9o1hkP4=; b=So8mvlvg185cPB/XjQX1qPu3oCPDl5hl+3lIx26bo0TWa2lxLhtgUjPivee9uZJ4+yYHNhgA7Cp0TvmEpOl8rEjsuFctlkCvcUhx8NLbCbEaL3ZxsbabCz2vTDbgl9YlHbfGgSR2pKlKIPl3Z5FTYR1pl9NvUQVbi8rJm40IkUwpObekEKocU44CXUVCnZnq5EmFszjNOJEiqYpMSEx7i+IVU/RSWsa0gp2KeK9hGJfqkYn0Y8DAyHjiX5krImV2tGts8JUD6xd45NyZ4tdgAsbk9QO6QXFBZbI5Rsjgo300NBlbx4xlX6Iiu3BmO95AcjoOV26mLem/o27EsfYSJA== Received: from TYSPR06MB6433.apcprd06.prod.outlook.com (2603:1096:400:47a::6) by SI2PR06MB4154.apcprd06.prod.outlook.com (2603:1096:4:e9::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.39; Thu, 8 Feb 2024 15:27:40 +0000 Received: from TYSPR06MB6433.apcprd06.prod.outlook.com ([fe80::e139:fd7a:1b66:a3f7]) by TYSPR06MB6433.apcprd06.prod.outlook.com ([fe80::e139:fd7a:1b66:a3f7%7]) with mapi id 15.20.7270.024; Thu, 8 Feb 2024 15:27:39 +0000 From: Nuo Mi To: ffmpeg-devel@ffmpeg.org Date: Thu, 8 Feb 2024 23:27:09 +0800 Message-ID: X-Mailer: git-send-email 2.25.1 X-TMN: [BFQXIi9bPPO14MbYbKb1dDkGWPv9hCwF] X-ClientProxiedBy: TYCP301CA0038.JPNP301.PROD.OUTLOOK.COM (2603:1096:400:380::13) To TYSPR06MB6433.apcprd06.prod.outlook.com (2603:1096:400:47a::6) X-Microsoft-Original-Message-ID: <20240208152709.5109-1-nuomi2021@gmail.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 2 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: TYSPR06MB6433:EE_|SI2PR06MB4154:EE_ X-MS-Office365-Filtering-Correlation-Id: c71ae034-3ed0-4909-ff52-08dc28ba7b41 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: svMbKLy66xozcpFblTSP5S2RFL5jrTCWwhGUrkT9QCqdYhf/alF3Xflk7FOVsTp8LgewB2kTfS5aCl8GDx4dN4L9ph7/exicgYzPd5NOXaTnPKafHE07d9GSMPqDjbkat9FWsfN59BcJj6IdLbZkuxKT+A+Q4/04ScOYiTsDtLC4xgA7ymtEnaTw7z8TTK7F7kLJZP2ddBxPoQxAGHm8vG7qs/AEY5J7qz8GfjLmRwf6R556GhsrFO6e/u6/cWja9mqYlyxHMqdi9jxV9zi/wpYThDkG/znP8yiI0CCZ9GVITAgaHSF0RKVGm8+y/3cbHBca6l9P8QI5kPtQAP3V+SGhu/aJiyOT8UgbXTFfCp9CuhvN9W8NOPBoI2TmDeGvxdajF8akIAzQHU1Pk2R2RpoJA1M5twrSH6tFCNfktbNPU4B3XYHQ/UaM9QzMvrY5Tyh0WbAj3zu9fGYQ89s5I40Vqf6JiOHJJPLxdple+VCud5t0ss6l+qGm9LoBu1Jp1HWD9iB8dACswXSFnKGtCv9UWCorpNPDr4wrPtlYA/4DIOh79Onl7xz5ldBJ1sf3+hBRTUMSKRbQuwR9vjcRcgiMYUV9TJkV5ZxfvbRmjrmMkdmrKdzgvZ8xjR5YjNWv X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: wjQvJx2tEoSsqU9BQIoB85FLmO7yom7Xg9tZvcuX33KuslIVYh18E9XpjomxynV2gA1KIT9G/JwigWBkAbU2Xc9FQ+1qCFWphyYUHbcK5fF4ecC0e0gxriE0kmzTHvjkKWx1zyYsaeeo3WvbwnjYSVRF15serAgs/1Oqm8cEFSVx5uVqX9v2OE30MUy0lhnG/ItzwFdbWm9SY5W3r3mrIW/zY4QrjIwLXtrPyJuwFmnR8jnANtqJ4WBhTq1B8Y4Tivox3bVL2nl2BNdkEPVq11keIeuAjtH34iBACOUi2eh5vuDKB4e87WIIg3MLewdofAKdBW5ktQIHBz45VG7ycl85s0yzdNhxoEmi2KufYIvH8jJFfMkplRDfsPRSV9SunJeOcPAy76aQ0QUgPdJfuNbD/LWRtVwdvGeFelhGcLV0Gb+OZNsOJ8n4ttfpJ49pSMAwLTBrgDc75WMvcV+euhXwFt1JzE3z4ijHybNv5bT/4F5KBpMxZfcDvl0EmI8wWkYljzpxGUDgaO2ptVjVEYZXUsrrfp76wgQcyVAO4fgJzTXzHFQtlaOh7rkg6YNIfOKUsVSkbyczTUoMeQfXmuib/sSwr+pUQ1leV8EL1cSqXFEffsg8Wl7o2uz0O7gni0c1qib5ET5lpLeFFCYz4DqDi3ihGsaHTe7yUsHn0pZQCuv9iwF6RYBXv606AkSX/av/s0L+in9knzmxV9cIG4ehm+EOQpveKVVDKf+W3L2NUvTPf51Ko+zmzX8Zf/cGV+6rjwv4k3Hp+BhvboaaCMAz3B3T6j+mdykP+TQV479gMMCkJQL/EGm8nRovs6t6bmsAg48uTd9nKKzDdiakz4ufzG6n0WYE+mYTQW0MshsjZrc386DYQ82XmWPzOKbLkwHMrpqg2cD1/JEfpWN7KK+jTw0wmvvPA7pwhjn51ukMajuSxhDVVCCRMoTVr30VFeTxl8Umu6czvf+QWVbepQ0208cJsPit6pcvhaP0cQ319+Ga+LbjsS0BmOoUDgf3lv9me6G6c4XCcyeYtgFhGEnPFNGZ9Or5gPtSt1P/XRJMXzhM7LMShSf8dd8YcVp8QFkbJP2yA2KYPe169MEeoZ3PHdASVlTdkIin8CQbcMhbCLpEDwRfuR377VCO4lUdjAlJO0D7W2nVfS4uChbGdEVUNGxvaY2rnjfAr84sEFb9fhJecLCp28B1C6OTtYMhlHw2ytQdjcufKEiAXZYHwTEae0mzEKmfOn2VAzS/EFJI4jGrYNara+6NTX6JPciK X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c71ae034-3ed0-4909-ff52-08dc28ba7b41 X-MS-Exchange-CrossTenant-AuthSource: TYSPR06MB6433.apcprd06.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2024 15:27:39.1013 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: SI2PR06MB4154 Subject: [FFmpeg-devel] [PATCH] avcodec/vvc_mp4toannexb: check the return of bytestream2_get_buffer X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Michael Niedermayer , Nuo Mi Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: RKsKiVZiTcDm Fixes: fuzzer timeout Fixes: 65253/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_MP4TOANNEXB_fuzzer-4972412487467008 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavcodec/bsf/vvc_mp4toannexb.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/libavcodec/bsf/vvc_mp4toannexb.c b/libavcodec/bsf/vvc_mp4toannexb.c index 25c3726918..a15c1eef5b 100644 --- a/libavcodec/bsf/vvc_mp4toannexb.c +++ b/libavcodec/bsf/vvc_mp4toannexb.c @@ -168,8 +168,10 @@ static int vvc_extradata_to_annexb(AVBSFContext *ctx) goto fail; AV_WB32(new_extradata + new_extradata_size, 1); // add the startcode - bytestream2_get_buffer(&gb, new_extradata + new_extradata_size + 4, - nalu_len); + if (bytestream2_get_buffer(&gb, new_extradata + new_extradata_size + 4, nalu_len) != nalu_len) { + ret = AVERROR_INVALIDDATA; + goto fail; + } new_extradata_size += 4 + nalu_len; memset(new_extradata + new_extradata_size, 0, AV_INPUT_BUFFER_PADDING_SIZE); @@ -298,8 +300,10 @@ static int vvc_mp4toannexb_filter(AVBSFContext *ctx, AVPacket *out) if (extra_size) memcpy(out->data + prev_size, ctx->par_out->extradata, extra_size); AV_WB32(out->data + prev_size + extra_size, 1); - bytestream2_get_buffer(&gb, out->data + prev_size + 4 + extra_size, - nalu_size); + if (bytestream2_get_buffer(&gb, out->data + prev_size + 4 + extra_size, nalu_size) != nalu_size) { + ret = AVERROR_INVALIDDATA; + goto fail; + } } ret = av_packet_copy_props(out, in);