From patchwork Tue Aug 6 22:18:48 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50914
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 7 Aug 2024 00:18:48 +0200
Message-ID: <20240806221853.959177-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/6] avformat/segafilm: Set keyframe

Fixes: use of uninitialized value
Fixes: 70871/clusterfuzz-testcase-minimized-ffmpeg_dem_SEGAFILM_fuzzer-5883617752973312
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/segafilm.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index 96a50c0e3b3..e72d872f963 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c
@@ -234,6 +234,7 @@ static int film_read_header(AVFormatContext *s) else if (film->audio_type != AV_CODEC_ID_NONE) audio_frame_counter += (film->sample_table[i].sample_size / (film->audio_channels * film->audio_bits / 8)); + film->sample_table[i].keyframe = 1; } else { film->sample_table[i].stream = film->video_stream_index; film->sample_table[i].pts = AV_RB32(&scratch[8]) & 0x7FFFFFFF;
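
Review bot: The added `film->sample_table[i].keyframe = 1;` at the end of the audio branch initializes only this one member, so any other per-sample field that the audio branch skips stays undefined unless the table itself is zero-allocated. Consider allocating sample_table zeroed (the same approach patch 4/6 takes with av_calloc() for the WTV sector array), or state in the commit message that keyframe was the only member left unset for audio samples. The message would also be easier to audit if it said which reader of keyframe the fuzzer tripped over.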

From patchwork Tue Aug 6 22:18:49 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50915
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 7 Aug 2024 00:18:49 +0200
Message-ID: <20240806221853.959177-2-michael@niedermayer.cc>
In-Reply-To: <20240806221853.959177-1-michael@niedermayer.cc>
References: <20240806221853.959177-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/6] avformat/av1dec: Check bits left before get_leb128()

Fixes: use of uninitialized value
Fixes: 70872/clusterfuzz-testcase-minimized-ffmpeg_dem_OBU_fuzzer-6005782487826432
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/av1dec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/av1dec.c b/libavformat/av1dec.c index 3363003b181..a5b620a0abf 100644 --- a/libavformat/av1dec.c +++ b/libavformat/av1dec.c
@@ -326,6 +326,9 @@ static int read_obu_with_size(const uint8_t *buf, int buf_size, int64_t *obu_siz skip_bits(&gb, 3); // extension_header_reserved_3bits } + if (get_bits_left(&gb) < 8) + return AVERROR_INVALIDDATA; + *obu_size = get_leb128(&gb); if (*obu_size > INT_MAX) return AVERROR_INVALIDDATA;
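
Review bot: The new `get_bits_left(&gb) < 8` check before `get_leb128(&gb)` guarantees only the first byte of the size field. LEB128 is variable length, and a byte with its continuation bit set makes the reader consume another one, so an input that ends on such a byte can still run past the available bits. Consider also testing get_bits_left() after the call and rejecting the OBU when it has gone negative, and add a short comment saying that 8 is the minimum size of one LEB128 byte rather than a bound on the whole field.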

From patchwork Tue Aug 6 22:18:50 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50916
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 7 Aug 2024 00:18:50 +0200
Message-ID: <20240806221853.959177-3-michael@niedermayer.cc>
In-Reply-To: <20240806221853.959177-1-michael@niedermayer.cc>
References: <20240806221853.959177-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/6] avformat/iamfdec: Check nb_layers before dereferencing layer

Fixes: dereferencing pointers near NULL
Fixes: 70432/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5255672845893632
Fixes: 70877/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-5348547432611840
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/iamfdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/iamfdec.c b/libavformat/iamfdec.c index ce6d4aa0647..2e6608b8685 100644 --- a/libavformat/iamfdec.c +++ b/libavformat/iamfdec.c
@@ -107,7 +107,7 @@ static int iamf_read_header(AVFormatContext *s) if (ret < 0) return ret; - if (!i && !j && audio_element->layers[0].substream_count == 1) + if (!i && !j && audio_element->nb_layers && audio_element->layers[0].substream_count == 1) st->disposition |= AV_DISPOSITION_DEFAULT; else st->disposition |= AV_DISPOSITION_DEPENDENT;
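
Review bot: With the added `audio_element->nb_layers &&` term, an audio element that has no layers now falls through to the else branch and its stream is marked AV_DISPOSITION_DEPENDENT without any diagnostic. If a zero-layer audio element is not valid input, rejecting it with AVERROR_INVALIDDATA where the element is parsed would be clearer than guarding this single dereference, and it would protect any other `layers[0]` access as well. If it is valid, a one-line comment on why such a stream is treated as dependent would help. The condition is also long enough that it deserves to be wrapped.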

From patchwork Tue Aug 6 22:18:51 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50917
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 7 Aug 2024 00:18:51 +0200
Message-ID: <20240806221853.959177-4-michael@niedermayer.cc>
In-Reply-To: <20240806221853.959177-1-michael@niedermayer.cc>
References: <20240806221853.959177-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/6] avformat/wtvdec: clear sectors

The code can leave uninitialized holes in the array.

Fixes: use of uninitialized values
Fixes: 70883/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6698694567591936
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/wtvdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index e153034aa19..1a6c4c33481 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c
@@ -185,7 +185,7 @@ static AVIOContext * wtvfile_open_sector(unsigned first_sector, uint64_t length, int nb_sectors1 = read_ints(s->pb, sectors1, WTV_SECTOR_SIZE / 4); int i; - wf->sectors = av_malloc_array(nb_sectors1, 1 << WTV_SECTOR_BITS); + wf->sectors = av_calloc(nb_sectors1, 1 << WTV_SECTOR_BITS); if (!wf->sectors) { av_free(wf); return NULL;
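
Review bot: Switching `wf->sectors` to av_calloc() makes the holes mentioned in the commit message read as zero, but it does not stop later code from consuming those entries as if they were real sector numbers. Consider recording how many entries the fill loop actually wrote and truncating or rejecting the file when that count is short, so a damaged table is reported instead of being read as sector 0. At minimum, a comment at this allocation explaining that the zeroing is deliberate would keep a later cleanup from switching it back to av_malloc_array().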

From patchwork Tue Aug 6 22:18:52 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50918
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 7 Aug 2024 00:18:52 +0200
Message-ID: <20240806221853.959177-5-michael@niedermayer.cc>
In-Reply-To: <20240806221853.959177-1-michael@niedermayer.cc>
References: <20240806221853.959177-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/6] tools/target_dec_fuzzer: Use av_buffer_allocz() to avoid missing slices to have unpredictable content

Fixes: use of uninitialized values
Fixes: 70885/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_VP6F_fuzzer-4610946029387776 (and likely others)
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 tools/target_dec_fuzzer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/target_dec_fuzzer.c b/tools/target_dec_fuzzer.c index d2d7e21dac7..794b5b92cc7 100644 --- a/tools/target_dec_fuzzer.c
+++ b/tools/target_dec_fuzzer.c
@@ -129,7 +129,7 @@ static int fuzz_video_get_buffer(AVCodecContext *ctx, AVFrame *frame) frame->extended_data = frame->data; for (i = 0; i < 4 && size[i]; i++) { - frame->buf[i] = av_buffer_alloc(size[i]); + frame->buf[i] = av_buffer_allocz(size[i]); if (!frame->buf[i]) goto fail; frame->data[i] = frame->buf[i]->data;
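
Review bot: Replacing av_buffer_alloc() with av_buffer_allocz() in fuzz_video_get_buffer() changes only the fuzzer's own buffer callback, so the harness will no longer report any decoder that reads frame memory it never wrote, not just the missing-slice case named in the subject. That trade-off is worth a comment at the allocation line, since the reason currently lives only in the commit message. It would also help to note whether the per-plane zeroing has a measurable effect on fuzzing throughput for large frame sizes.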

From patchwork Tue Aug 6 22:18:53 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 50919
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Wed, 7 Aug 2024 00:18:53 +0200
Message-ID: <20240806221853.959177-6-michael@niedermayer.cc>
In-Reply-To: <20240806221853.959177-1-michael@niedermayer.cc>
References: <20240806221853.959177-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 6/6] avformat/wtvdec: Check length of read mpeg2_descriptor

Fixes: Use of uninitialized value
Fixes: 70900/clusterfuzz-testcase-minimized-ffmpeg_dem_WTV_fuzzer-6286909377150976
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/wtvdec.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavformat/wtvdec.c b/libavformat/wtvdec.c index 1a6c4c33481..730c7fca783 100644 --- a/libavformat/wtvdec.c +++ b/libavformat/wtvdec.c
@@ -846,7 +846,8 @@ static int parse_chunks(AVFormatContext *s, int mode, int64_t seekts, int *len_p } buf_size = FFMIN(len - consumed, sizeof(buf)); - avio_read(pb, buf, buf_size); + if (avio_read(pb, buf, buf_size) != buf_size) + return AVERROR_INVALIDDATA; consumed += buf_size; ff_parse_mpeg2_descriptor(s, st, 0, &pbuf, buf + buf_size, NULL, 0, 0, NULL); }
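
Review bot: The new `if (avio_read(pb, buf, buf_size) != buf_size)` test returns AVERROR_INVALIDDATA for every failure, which discards the negative error code avio_read() itself returns on an I/O error or end of file. Consider storing the result in a local and returning it when it is negative, keeping AVERROR_INVALIDDATA for the short-read case only. The early return also skips the `consumed += buf_size;` bookkeeping that follows, so it is worth confirming that no caller relies on the stream position or the consumed count after a failed descriptor read.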