From patchwork Thu Feb 11 23:00:17 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paul B Mahol X-Patchwork-Id: 25593
From: Paul B Mahol To: ffmpeg-devel@ffmpeg.org Date: Fri, 12 Feb 2021 00:00:17 +0100 Message-Id: <20210211230017.17360-1-onemda@gmail.com> Subject: [FFmpeg-devel] [PATCH] avcodec/dpx: check for possible buffer overreads List-Id: FFmpeg development discussions and patches Signed-off-by: Paul B Mahol --- libavcodec/dpx.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/libavcodec/dpx.c b/libavcodec/dpx.c index 5372e3d586..68a2762017 100644 --- a/libavcodec/dpx.c +++ b/libavcodec/dpx.c @@ -606,6 +606,9 @@ static int decode_frame(AVCodecContext *avctx, ff_set_sar(avctx, avctx->sample_aspect_ratio); + if (buf_size - offset < (((uint64_t)elements * avctx->width * avctx->height * bits_per_color) >> 3)) + return AVERROR_INVALIDDATA; + if ((ret = ff_get_buffer(avctx, p, 0)) < 0) return ret;
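
Review bot: in the added condition in decode_frame(), the left-hand side `buf_size - offset` is compared against a `uint64_t`, so if `offset` can be larger than `buf_size` at this point the difference turns into a very large unsigned value (by conversion or wraparound; the declarations are not visible in this hunk) and the check passes instead of returning AVERROR_INVALIDDATA. Either confirm that an earlier `offset <= buf_size` test already covers this, or fold it in, for example `offset > buf_size || buf_size - offset < needed`. Two smaller points on the right-hand side: `>> 3` rounds the bit count down, so a total that is not a multiple of 8 is under-required by one byte (rounding up with `+ 7` before the shift avoids that), and the product assumes tightly packed samples, so it is only a lower bound if any layout pads lines or words. A one-line comment stating that, and a commit message body naming the read path that overreads, would make the intent of the check clear.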