From patchwork Wed Jul 17 11:27:41 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 50611 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:40f5:b0:482:c625:d099 with SMTP id lb53csp856214vqb; Wed, 17 Jul 2024 04:28:00 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVYNScKNskHQqrFPwG2H4RcaTR4v38UO/NBus8RKAJtb/h5WgS4/qCULjSYQAsOiVwf55JS0CCDh3/xsBvA+A6axF7uWbLmGEmtGA== X-Google-Smtp-Source: AGHT+IGAbNtzylDYZotQsKkbrN16gV2m6IwdAhSS2pvAlVaOVNUUDVZqs9i/PcqWA8a+Ut0zgVXh X-Received: by 2002:a2e:9bd0:0:b0:2ec:558d:4e0a with SMTP id 38308e7fff4ca-2eefd0b4575mr13195941fa.19.1721215679805; Wed, 17 Jul 2024 04:27:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721215679; cv=none; d=google.com; s=arc-20160816; b=ImqJ6rTO4YyzBW9mT6CHhryxz1BD2nNPeXy+nzaS8NFkXwmFI3pAZv0UiBVfdpdATA y0EQu+ypZb9rbPDwzLI6jYtP/TsDC58ppS1Huy2mG3+mGIix/KgjH109NXS9AOPKCFkJ 7TiuqynPQi7aWHM1DyZXESiWKOycW70Wqy4qIbdss1W5SfF34BkBN/I0xwbAcSjj5QW3 1R9HHpVz/FFF3kxzSPWgaKT1gBEQgYtTe8Ow84bV6v5bC3o4IoCbWA7gWjWIoQWy5BrW sMbzFlHXiiYqcXLZpsOhrvVAA3FbDto+7WSIgQiGdK7oDoG2ezzr1iI5GZzVHztICCSQ +MEw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=pFy8vNjUkvb20SnqRdW9btHuj7tk88Sq/qU4+6ortMQ=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=rupaIq/EWxfFLc1rmy89vCLnL6lePyMBtTeBwwy0es5p1/8AJns/cFsGPozUoii84r zxoKBCs5rkiNyPiaIk3n1bSl5yM3WoURb9KcZDg13ZtPKox8ZVy12+A+8xruHn+V9G/m 8HA6CiM3tUNWJGo5VD21/UF8bnOiM5vC+P30GeNte9i0F6IAYn4pKv4v0IeOYXbTIbpM YIB4K3u5vi6pavJGL20PAgSWf+X2JbeLkQsGcWewzK47LLCdiL8cGbnHkK6qsFAHf/u5 JU1A6VsfVYwiR3+rJyPXCkBNss97W2CG13xuvsg9DKzT3WN4TeVao5dBHUN+bkVZW1qN Y1vQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=gbQcdvCT; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 38308e7fff4ca-2eee17ad563si24287351fa.147.2024.07.17.04.27.59; Wed, 17 Jul 2024 04:27:59 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=gbQcdvCT; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 48F6868D892; Wed, 17 Jul 2024 14:27:54 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net [217.70.183.193]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D5B3D68D92E for ; Wed, 17 Jul 2024 14:27:47 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id EE7B9240005 for ; Wed, 17 Jul 2024 11:27:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1721215667; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=jZtuZzaJo14syPRnA75whQ0rRRQALmE9Gk0bngFDZGY=; b=gbQcdvCT63tWwuU8tLLdLHwQ+JbWKRiit0tx55BYxRrmgOI7Z1NPZQXdRhWa3M29myyNex 1DZrGiy5GozxIK6FGKoQSHV8s6KE6VLNsvbclw/SrF9Rs6oouMIiUBAb14khmQQmWkW1GO y1Tppfg/07Moh1shKtHmeA3fmw1eA2oS3+/z23BGGNi5CHC04Mq3eY2FLmm5mTpfyT0xei zhgeMOSCbZ8OW/T2EgK7Ie351hbiaYM6Zg6VKfujDpaJsIZoNoOFVI05Q4PXszfn5U1ID4 Jjf9OjFVlo4ARGQXvcuhISjwMmtEsThP/5UyRhkU+xaZS11PLEWDqQPUPuuxBQ== From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Wed, 17 Jul 2024 13:27:41 +0200 Message-ID: <20240717112745.1624968-1-michael@niedermayer.cc> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [PATCH 1/5] avutil/timecode: Use a 64bit framenum internally X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: gzIccgtcr/rf Fixes: negation of -2147483648 cannot be represented in type 'int'; cast to an unsigned type to negate this value to itself Fixes: 68550/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6424065930756096 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavutil/timecode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/libavutil/timecode.c b/libavutil/timecode.c index bd879bd3cc0..f40a10eb385 100644 --- a/libavutil/timecode.c +++ b/libavutil/timecode.c @@ -100,11 +100,12 @@ uint32_t av_timecode_get_smpte(AVRational rate, int drop, int hh, int mm, int ss return tc; } -char *av_timecode_make_string(const AVTimecode *tc, char *buf, int framenum) +char *av_timecode_make_string(const AVTimecode *tc, char *buf, int framenum_arg) { int fps = tc->fps; int drop = tc->flags & AV_TIMECODE_FLAG_DROPFRAME; int hh, mm, ss, ff, ff_len, neg = 0; + int64_t framenum = framenum_arg; framenum += tc->start; if (drop) From patchwork Wed Jul 17 11:27:42 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 50612 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:40f5:b0:482:c625:d099 with SMTP id lb53csp856308vqb; Wed, 17 Jul 2024 04:28:11 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXsWZIhnOocZuIx9HEbS5HpBTsRwYjpr/R54z62MvA7Xkx0G61WYo8EXtDN6UYwr+u/AGnVxyLJlXcVqKmgMITMqL3/A5h2UvtiTA== X-Google-Smtp-Source: AGHT+IE+YTt1rofEB5efqy8c3dm6qoeju4GvzjGM1S/mx4X2fT8pImI2rNzLkag6y5zb2D4r8nSA X-Received: by 2002:a2e:b557:0:b0:2ee:4cb9:8057 with SMTP id 38308e7fff4ca-2eef56edcd4mr13216171fa.23.1721215691192; Wed, 17 Jul 2024 04:28:11 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721215691; cv=none; d=google.com; s=arc-20160816; b=ztFa7hzKIarwmeEFPbprCTwtR3z0+Vbv4T8Zo3AGr9B5ZGyryYHmEEshQNqTc1fYX+ myRE/ijFZ5RclaItYRo/ABFarUI5m5fLxnCLdiZMvCZViE+LH1z8244vgtmbulNfpcrj f1M4OXEBQW/b3DpTXOwrWkgd6+uweE03wq85Z/mtceu6ITBZmfxmzRai2OhYb1SoYeG6 H378h50AR1GVpkMsFwWxtwaBRE6T4LhNZydoyYayADhcfA9N16Hq5ApA1obSTWc4RFx8 PvVamzNIN/y0axCXt6c3ZoihLAY3sBgO2d9DZfTW8NqwYa+jylAqSy4RXY7DhLRFAFHs h3Sw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=eWM3BZuVWLdSUeaPa5dZFnwPsqUdXvn5FmTKTzEeJJI=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=woJLN1fZ9R+LFL/HShE1KWM02RtwmZiN9PFv2wDyYvwQtxLT+ut8nEZdnnFHspz8VS j9eJ72vzNRP49ZrQxeO5d3bPgZs2cyXshAI3nPsUu+m48m1Dg27lw1yVE2mw0vbFK/R8 8gHKfpEvDO0Z3JSgpM/4p8FGdM8v1KIubaNMTJ9gmhGhslsQODz8+ZCRhcfQwi1a41HE +rR6IyyxiJxLa6xPCYziBRwpYbLrDTZnmQ82l/AOnb5eifRMA0WetgYGTkITI+cT5BJl d/+8lTtzqvMMBCj+ngm6dPKIvqsJ9e5iPQqeyJlJcHt9y+sI08NtcnWA1ocxmLDkLCNb qWOw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=S6qnGcAD; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id 38308e7fff4ca-2eee195bb41si24573291fa.555.2024.07.17.04.28.10; Wed, 17 Jul 2024 04:28:11 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=S6qnGcAD; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 60E4268DA89; Wed, 17 Jul 2024 14:27:55 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A748068D98F for ; Wed, 17 Jul 2024 14:27:48 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id E972D20005 for ; Wed, 17 Jul 2024 11:27:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1721215668; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7IokNtUOjiNjbregTN1M6XcfhuQ/ofBWEAz0deNeIYs=; b=S6qnGcAD2SWyg7BgeFlBBpHSbWs81Fh3znB3oJ+4H4/zsj3+5YVuZnQu/ap9r+r0VmnpCT +rDIn9DfORaGqEGzL3gmTf+0elMyk3R9WoSxdJnlgGqcOXyAtwAr3FGNQq7jw0RGb0tPOw wSRWqhOp6wgx08jzHqrlHdb0tU6yEE/PLiEVg4O1coikHKdveD4DDCTDsREAGF77WuBEHt 7HZ+1KLn6FJmr7Q9Q/Gy4ihY3fIY8uhH5Q296zCgERbCnKQPPL7OfMn4zX/ow5iKi0Lan5 uoHxajhqALyla5Um7cj6VIJKZXAx/FnIifoUHIwRCv6UytkRpMqFjpWgbkZdmA== From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Wed, 17 Jul 2024 13:27:42 +0200 Message-ID: <20240717112745.1624968-2-michael@niedermayer.cc> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240717112745.1624968-1-michael@niedermayer.cc> References: <20240717112745.1624968-1-michael@niedermayer.cc> MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [PATCH 2/5] avformat/mxfdec: Reorder elements of expression in bisect loop X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: wFEcSuQtBpZh Fixes: signed integer overflow: 9223372036854775807 - -1 cannot be represented in type 'long' Fixes: 68578/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6032171648221184 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/mxfdec.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index a5863445ab5..af0c8a31007 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c @@ -3821,8 +3821,7 @@ static int mxf_get_next_track_edit_unit(MXFContext *mxf, MXFTrack *track, int64_ a = -1; b = track->original_duration; - - while (b - a > 1) { + while (b - 1 > a) { m = (a + b) >> 1; if (mxf_edit_unit_absolute_offset(mxf, t, m, track->edit_rate, NULL, &offset, NULL, 0) < 0) return -1; From patchwork Wed Jul 17 11:27:43 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 50613 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:40f5:b0:482:c625:d099 with SMTP id lb53csp856354vqb; Wed, 17 Jul 2024 04:28:19 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCVCjH+HfR/yT4SamMmZGrnG3cwfuoBVA6/GPIfDtFDVKsYBXEo7jk6dSAjDMGd6ByNcJmi9Kh1gNljucJdFKWcXXpXfrStVwRNjvw== X-Google-Smtp-Source: AGHT+IEIkwpCyCZZ8Inb3amlek2UoJUwKkiEgeyhBAELq3VtkzoB0poocQsN+iSlcZx2Ec3zUc/n X-Received: by 2002:a17:907:7701:b0:a6f:a2aa:a4c7 with SMTP id a640c23a62f3a-a79eda04102mr472703166b.3.1721215698862; Wed, 17 Jul 2024 04:28:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721215698; cv=none; d=google.com; s=arc-20160816; b=NOIuJFQ0wHUq8RVZ3SCnhZvvHBrQgqkndLwQk6pZT57/6v32wzzX5AArnS+uJhGcB0 6U+bvpL2wo9IJ+Z6cPeZG3TOa1NtjW9wQLwHy0mAI0LH3LAAkZFG+beNjBQFmeKkJ6L3 SlVb2gGsVYHQ4je4lwHhFY7Twse7ooie97UKNOsosKMG9pTBpIK2wkxbULI+JorxytQl 5v1UJ0wYAJiJaK24vM6VuOi9MjfJP5dLJL/MwEKG3cawkXhc7l0Y0ePUe1hLBbMww5sz OQqPKw6Xj9USglC9tiJJZg5ONAJCLozxNB2b8fi3sxXzhI0Igc8jiT+/1RrqRCxC/WWV lOCQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=Jv20XnBFfyUcOsCyCSXV15K0mjz9P3m7XOoUbewF4vU=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=I7Y1eAuEEmKl+6YOPfVoxIA5F5nIaOL5EIAryVGs1D1CFJHAWzuWEsKuXCOv+NwvKv y1XeHTwA++le+b5RRoNB80Vl/9cYpyBTYWK36K3TtseidHnu3iHxH4ZgQCYakd6y+LQv CMYh8zeBATDnhtLneTvSuGxwOJsOqsOu4AXJrQ1hg/OXNvFFbmlFJNJJDj/CYer8ai2A qIo4A5EjpLQxj/7/0yDRb1DlKzojMyJ3FTXzRuuz1tHIYSlyh4ZSqOCDFih2iEoAPmdp 4hmF+qFNjzO65xdyT3rRnsivFBtsjkGHBkMmxSGb5CqnRQjkzmSOu+j6cNnGm0iC2aPy zoNQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=duy4SpaT; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a79bc804782si482501466b.758.2024.07.17.04.28.18; Wed, 17 Jul 2024 04:28:18 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=duy4SpaT; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BA02668DA66; Wed, 17 Jul 2024 14:27:57 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D1C7868DA54 for ; Wed, 17 Jul 2024 14:27:49 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id 140B1E0007 for ; Wed, 17 Jul 2024 11:27:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1721215669; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=7coEptrMhAZGjexW01mnxYDonv7CAWPPbzlAphvvPIY=; b=duy4SpaTN4AgPyQwxPJ0Gemo4SnnK4ID/gqHjqc3mYkzKw2V4aASqr2juBK6a4g8DXJkJb iBcm8ouljU46DvT9DZyuOMFTntf5Hj/mkNzH0MqngFdfKmvncDAnOoKwbb9MxNZPgT1LS7 eX1VreG7qkMi2STSQO7MomN9rztjJ8jepboXSKswV/rJiH3eEWnebXCP4A3N9IN9BmHwXI b9LZYoJM47kn51L6Qd1LmsgGY5e4SvYo1QDi8/StM00RrrWrWo6jElfzzkSfv/hDdVzS5K g4pZgZx8V8M2yaKTqYKdknTGf5Dl5ShfJwsFeIswbCnYPTx2xEkyBb5idPyznw== From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Wed, 17 Jul 2024 13:27:43 +0200 Message-ID: <20240717112745.1624968-3-michael@niedermayer.cc> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240717112745.1624968-1-michael@niedermayer.cc> References: <20240717112745.1624968-1-michael@niedermayer.cc> MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [PATCH 3/5] avformat/iamfdec: Check nb_layers before dereferencing layer X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: dI5WHSnlq+ku Fixes: dereferencing pointers near NULL Fixes: 70432/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5255672845893632 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/iamfdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c index ce6d4aa0647..2e6608b8685 100644 --- a/libavformat/iamfdec.c +++ b/libavformat/iamfdec.c @@ -107,7 +107,7 @@ static int iamf_read_header(AVFormatContext *s) if (ret < 0) return ret; - if (!i && !j && audio_element->layers[0].substream_count == 1) + if (!i && !j && audio_element->nb_layers && audio_element->layers[0].substream_count == 1) st->disposition |= AV_DISPOSITION_DEFAULT; else st->disposition |= AV_DISPOSITION_DEPENDENT; From patchwork Wed Jul 17 11:27:44 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 50614 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:40f5:b0:482:c625:d099 with SMTP id lb53csp856421vqb; Wed, 17 Jul 2024 04:28:28 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCV5S0GwDO3/KNfcwq66HqM+nHMQndYL49c6JYwSb3ew1PuZQ9s0nVCLv48yCi2/nntdxZSl9IDAQDOhL5woH7JHS7v44UfLsiUFyA== X-Google-Smtp-Source: AGHT+IGC3oZ77hOXxolFFUuraBaHtV/oh93hvmzroJyULBuFU0sr5kPmrJrhJXgT36xLiR6Vrj6E X-Received: by 2002:a05:6512:2216:b0:52e:943c:c61a with SMTP id 2adb3069b0e04-52ee544b53amr946090e87.57.1721215708003; Wed, 17 Jul 2024 04:28:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721215707; cv=none; d=google.com; s=arc-20160816; b=SHBhn1jvLz5PSWBf9bOSKl0s237Jo6AQggIq5qbYnymok7ziqZo3/uEFhooSELNLhF KvcFIUJeCvvBI6WHriSs9SiizyBUEV8cHMginFv2jAHFb14zS5lszhE4ocApQUy4lBmW 6nLAmHbDSuEtOWopdYF560sOecmZ/gbUuak1OiIHw+oztG6bnyndlha/TQ2pcBKiVF6f vRTqKtWnjN2zA01MKh4CTzPrzkV6RjkGBclukG8WkzkDEMocvIWoWYitGtf5XttYbvrh prBDPGg7CKMlYuJAKPqJuCDTBPHGm75OrIkhCJ+YqvU6fWHaHvXbDVLvIcAnkK+5PfP5 hVPw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=OwpCvCzMKq37vASkCeh8/Muvjp8rt/2yP92bZ74dCgs=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=ou3yge7/Jov20yXImJLNBfElyu0+gefp6Sll+y9uhzcswSQrRx1yJ7Ikoo+LDx2QiC MMV+LXQBWzkNZVXdXTTDbGMFtd/CY7ZUjVQyW98Z2IS3hJW4u96Pf3kCX4eHKxJb3LX4 DmK8+rC7j7DuoQ12DNXWiKzg5whSuEh2MzJt7hEKI0DxZKushzTdFZ7U1TMvWyuPK/iv AQr06VrKV10fR1b9A0xoR7FjJI675NG7+ciYtfYnHIjI0C4ShN8NGJNEr63c3rZYmUyB dc6aYmC4tzD+QO8gDVJu7m+NQhabLK7tJQerAPknydC1rg1oHAMBuqJCalGb/6csMzrB 3C7w==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=LHhXcSL7; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a79bc7ff9e5si494625166b.643.2024.07.17.04.28.27; Wed, 17 Jul 2024 04:28:27 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=LHhXcSL7; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2F29768DABE; Wed, 17 Jul 2024 14:27:59 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net [217.70.183.198]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id EE14368DA56 for ; Wed, 17 Jul 2024 14:27:50 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id 2E6B0C0005 for ; Wed, 17 Jul 2024 11:27:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1721215670; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=otmC4IXwY7c908aGo6+tcLMyR3gbZifHuVYs70PkyzA=; b=LHhXcSL7WewuFcXRf1n+kb9Feksth20PMPJBIlhv+w9VkOA6StDzqkD3JN3Vt/NCqpyL47 Hnc941bkr+TEvg4DPq46dKe/dKvprJQEU9Jl27m6Rm5kjzu7/ah1RimqeW0uR5D98+Cmx3 07AhJSD2cs1+L43zA4GB4dGfy6CFRVvA5HwGortKYEGGeAt7sKjlAybBs05VXE+k4QKRcS JHPsVvMLw34Ka6DL5G+PhHlaVcIBhlnYsEnzLyFLPZVd/iKU7e4ug6zS8T6/sZ9MvppNhj exBLTH+s+O8aHeWGjxsP6y0fzdM3HaY5pvGMT28OVjjqN8+Cr4pvoazitJe5cA== From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Wed, 17 Jul 2024 13:27:44 +0200 Message-ID: <20240717112745.1624968-4-michael@niedermayer.cc> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240717112745.1624968-1-michael@niedermayer.cc> References: <20240717112745.1624968-1-michael@niedermayer.cc> MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [PATCH 4/5] swscale/output: Fix integer overflows in yuv2rgba64_X_c_template X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: EOOGJA9nzkwL Fixes: signed integer overflow: -1082982400 + -1068681048 cannot be represented in type 'int' Fixes: 69995/clusterfuzz-testcase-minimized-ffmpeg_SWS_fuzzer-6285740271534080 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libswscale/output.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/libswscale/output.c b/libswscale/output.c index 0e6181b3e01..e8dd2145ce6 100644 --- a/libswscale/output.c +++ b/libswscale/output.c @@ -1059,8 +1059,8 @@ yuv2rgba64_X_c_template(SwsContext *c, const int16_t *lumFilter, for (i = 0; i < ((dstW + 1) >> 1); i++) { int j; - int Y1 = -0x40000000; - int Y2 = -0x40000000; + unsigned Y1 = -0x40000000; + unsigned Y2 = -0x40000000; int U = -(128 << 23); // 19 int V = -(128 << 23); int R, G, B; @@ -1088,9 +1088,9 @@ yuv2rgba64_X_c_template(SwsContext *c, const int16_t *lumFilter, } // 8 bits: 12+15=27; 16 bits: 12+19=31 - Y1 >>= 14; // 10 + Y1 = (int)Y1 >> 14; // 10 Y1 += 0x10000; - Y2 >>= 14; + Y2 = (int)Y2 >> 14; Y2 += 0x10000; U >>= 14; V >>= 14; @@ -1109,20 +1109,20 @@ yuv2rgba64_X_c_template(SwsContext *c, const int16_t *lumFilter, B = U * c->yuv2rgb_u2b_coeff; // 8 bits: 30 - 22 = 8 bits, 16 bits: 30 bits - 14 = 16 bits - output_pixel(&dest[0], av_clip_uintp2(((R_B + Y1) >> 14) + (1<<15), 16)); - output_pixel(&dest[1], av_clip_uintp2((( G + Y1) >> 14) + (1<<15), 16)); - output_pixel(&dest[2], av_clip_uintp2(((B_R + Y1) >> 14) + (1<<15), 16)); + output_pixel(&dest[0], av_clip_uintp2(((int)(R_B + Y1) >> 14) + (1<<15), 16)); + output_pixel(&dest[1], av_clip_uintp2(((int)( G + Y1) >> 14) + (1<<15), 16)); + output_pixel(&dest[2], av_clip_uintp2(((int)(B_R + Y1) >> 14) + (1<<15), 16)); if (eightbytes) { output_pixel(&dest[3], av_clip_uintp2(A1 , 30) >> 14); - output_pixel(&dest[4], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); - output_pixel(&dest[5], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); - output_pixel(&dest[6], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); + output_pixel(&dest[4], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); + output_pixel(&dest[5], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); + output_pixel(&dest[6], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); output_pixel(&dest[7], av_clip_uintp2(A2 , 30) >> 14); dest += 8; } else { - output_pixel(&dest[3], av_clip_uintp2(((R_B + Y2) >> 14) + (1<<15), 16)); - output_pixel(&dest[4], av_clip_uintp2((( G + Y2) >> 14) + (1<<15), 16)); - output_pixel(&dest[5], av_clip_uintp2(((B_R + Y2) >> 14) + (1<<15), 16)); + output_pixel(&dest[3], av_clip_uintp2(((int)(R_B + Y2) >> 14) + (1<<15), 16)); + output_pixel(&dest[4], av_clip_uintp2(((int)( G + Y2) >> 14) + (1<<15), 16)); + output_pixel(&dest[5], av_clip_uintp2(((int)(B_R + Y2) >> 14) + (1<<15), 16)); dest += 6; } } From patchwork Wed Jul 17 11:27:45 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 50615 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:612c:40f5:b0:482:c625:d099 with SMTP id lb53csp856514vqb; Wed, 17 Jul 2024 04:28:37 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWp342OW6jE01zBkCmjEiHbKEAAJjb7gXBvNh8aw48ufVHGYYkeFprs8HXV323eFPTdhXMbZ4xheUu4cE+sxrlEOVoO+68g91FxJA== X-Google-Smtp-Source: AGHT+IE6pLcbpQ6WEZvRMMFY9V8cmVXnZ1uR+ew01aa9tPzr6mFizW4FeKD34YOJwxYHXVo+QKtl X-Received: by 2002:a17:906:7949:b0:a72:5f3f:27a2 with SMTP id a640c23a62f3a-a7a008d2812mr169162766b.26.1721215717388; Wed, 17 Jul 2024 04:28:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1721215717; cv=none; d=google.com; s=arc-20160816; b=R3zE+jw7XTZkXL9uUc2cqVSdwneoTDTOcpxTTiXkSDSJzNAdqoumhaFSyWk8k/XNCd Yz0AXr8HRP7/P6YXj91gcrPBuRz/ET4qmK4NA6kRlJ7LGXO89I+aDNvVY787RnlpT4rj zQ9jojyiWGu9cTmbG26MyG/sMsxPT4/2vHpNIQTX8qECfdBNA6XrA8UNKajdlmsZgkCW 6oETuQnmKiA4YpV4p9WwpIhsqu8fDrNhTJqg12aAkPdXtDfI87HSRkXWrC1lRev1HZpG slXRdfI/D6VzjpuevCd0Jf9qjhxvOD7ZphNrAr2J/s54i8Ik1uBHNcBoFHvErk0ZPTMv WwCw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=Z4fKZenSKhzD66MknX2h06gwS0jsKBMeRnkmOpYZJ/Y=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=UN3ji287CdAX1w8Zygv1GDn5iPcyRkCccWILMxt91P4AR8BprEHDBDF8QubPB8VZ2k y/fI9dTekyvu80E/VtEEpY1SCDD4rPo28FheXCe0X5pSBbW8QKdkqoF+wGBvPFWbp/Cz 2DTKm9FsJGo/jskr54KseOIT6ND7X2zu5YWlLwbVblpLTFLTZh1rHKaLf309WWI8AlZ+ vFwABZm0R6JS8BabHUfx+Zo9owjeZZtSe5fj1bSHDBe2NeY6b9/ZIxUcABs3CzzLj66a gzJgW5hm3gYsweMUmhIRS03/CpHixWu6ogUqKQHvAjXsPt45icW5Oi28RJGf1WpVUhbo 9KsA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=nosUFWwV; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a79bc7c1d39si530073466b.476.2024.07.17.04.28.36; Wed, 17 Jul 2024 04:28:37 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@niedermayer.cc header.s=gm1 header.b=nosUFWwV; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 5579F68DAA5; Wed, 17 Jul 2024 14:28:00 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8FAF568DA56 for ; Wed, 17 Jul 2024 14:27:51 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id F220320003 for ; Wed, 17 Jul 2024 11:27:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1721215671; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=IWLH7UZLupira0um/PshUPVdGkQq9mhet02XWGlyg7Y=; b=nosUFWwVjEa2Jsb3qpMRJBzD8W5ycMmVMptufPuwKXc2EaLaKdBc0g043BizPzL0xYPjll 1h3QXzwsQwVVHLEwwe6HN8uHjhIU99+7cTJzJJu1Q+gwnnFPxJAWF8J5wYxnUQ4jnFLLf1 85WDP/4O0/GqrV+rM7dHjwkRv8g0hvCqDS9XXnphU6km5RppQdW2LaWH9Qf0IT/pN6zbw7 dkiDB3+aCRxJ5mM9PIm1B7wL2BvVWCR/APckdjrsqedYAv4L6uIiEwPJEdGcS8etcJMDeT XP5ilnKiLWqBPyoyoQE7IlbcFtNV9lNGumBv6NyIW+E57JjlvkwXlUXsXaTd4w== From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Wed, 17 Jul 2024 13:27:45 +0200 Message-ID: <20240717112745.1624968-5-michael@niedermayer.cc> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20240717112745.1624968-1-michael@niedermayer.cc> References: <20240717112745.1624968-1-michael@niedermayer.cc> MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [PATCH 5/5] avformat/iamf_parse: Check for negative sample sizes X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: T4YJ92wSgYGB Fixes: index -2 out of bounds for type 'const enum AVCodecID [3]' Fixes: 69866/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4971166119821312 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: Michael Niedermayer --- libavformat/iamf_parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c index a69d4a2f3a5..b3cf90467ba 100644 --- a/libavformat/iamf_parse.c +++ b/libavformat/iamf_parse.c @@ -146,7 +146,7 @@ static int ipcm_decoder_config(IAMFCodecConfig *codec_config, }; int sample_format = avio_r8(pb); // 0 = BE, 1 = LE int sample_size = (avio_r8(pb) / 8 - 2); // 16, 24, 32 - if (sample_format > 1 || sample_size > 2) + if (sample_format > 1 || sample_size > 2U) return AVERROR_INVALIDDATA; codec_config->codec_id = sample_fmt[sample_format][sample_size];