From patchwork Thu Apr 22 22:07:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: James Almer X-Patchwork-Id: 27213 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a6b:5014:0:0:0:0:0 with SMTP id e20csp967146iob; Thu, 22 Apr 2021 15:09:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz8RF3LN33Oj7zIfYUAKBUqJsaaJ/lVg57iYKOmp8iIk5PXsISEIgBIIbIMYXs81jpfqcXN X-Received: by 2002:a05:6402:31b3:: with SMTP id dj19mr735036edb.180.1619129364464; Thu, 22 Apr 2021 15:09:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1619129364; cv=none; d=google.com; s=arc-20160816; b=kvkag8woSqA7RNAS30SdP1J2prW6gIFJNtThryFgBOn/ye4sgyeGeZ7pt9NRbUZP1R iBPY3JBKfTgVXCb0rqexjY94xUvz1H53JleaU+axRaUYDBR+DddvG1bVpAfLwMADEYEB m7KYAWhLlUhXf4r7IJYKpVZeko1LOcBqlB92bVRDUiIhD4XT5Psc89xLWqhzKvbairYP Q4ynG1UbrvjTYAnQy7WdkZmDK50wBtKbd/gQ9svzG7W8HrX6yIFvlIbD7HDxv2pL/kxd p7QkWjWZmdkagcxhBOyUm3o8tTJAjSIg3+DaVpNgAg8g8ek7Xdc3DmK7qwMYPI6gTqou 5lvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=EA6cLHPMX3Hy4qLQnJBzrBMcyNVYrThHUWT7vU42Be0=; b=Y3AxHD6GQiNCf9Bq7j690kYYk7WSavZ5LNgInSmiVNNpNfN57fIY0IIQFrrL0nAnaU ECGBRnuiI8p46dsi3XTMDSxt/ob0Efg80mZf2qn+YbE3b1dzF5aw0/MnMJSvpp66Un+B wV9MU1ZLOZsBaqqiTJ7SsfdPW1xCE1jSgcuXOOTc5cnZipjFXMpeoPVp3put9BtspvXc P/7aSBom78P8geGHxYYJpjqv+DIEKX/5x6zxGynASSFWTacin5Rn6SEIFwM7sFKWQF61 PC6HlDcs18suZn4pEvhBheS1m56ZGg83GDMJASVnjJ5Ui/+ffCnLP9RrY/MqrYy41Ool J8ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=rPseWAeU; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id dn3si3957455ejc.68.2021.04.22.15.09.23; Thu, 22 Apr 2021 15:09:24 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=rPseWAeU; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A2177689BBC; Fri, 23 Apr 2021 01:09:19 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-qk1-f171.google.com (mail-qk1-f171.google.com [209.85.222.171]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4AD576800FB for ; Fri, 23 Apr 2021 01:09:13 +0300 (EEST) Received: by mail-qk1-f171.google.com with SMTP id x11so47893465qkp.11 for ; Thu, 22 Apr 2021 15:09:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=6Qdtoc+Xye1iKsSTLOfUy469Vt6PiBvnQ7NN+2+EGww=; b=rPseWAeUcnUVUg83psX9xXi86r7r6ElbjPnUxRpEPqQIkXFDdHJHD60itPaX+arAww VdZDTZkXtOkzGDBln3RCPpERtcL9KcKVrH2CroslZlo37dR/VTOu7ZumuKCFnS2KMfPb +rGo8YSuFJ4qeWsQJLu0ipxCqnfTtdIWOVMZJEShtQuxpetKtLRiHr5Tmd3lCb1tpSB2 ex00AZUpTYnLYrRbdRrGv645Jx4T0prtC8S+j4s5B+GYK4ZE1QD8tZSJafwSbH4DI8NI 6JoTsknEPOQfKhRu5GnW3sxmXKuQEEOl6VrgVIQIT0Uxtl+jbp8mFXbHraRwIEd6S9Ag wKvg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:mime-version :content-transfer-encoding; bh=6Qdtoc+Xye1iKsSTLOfUy469Vt6PiBvnQ7NN+2+EGww=; b=k7zW3XVKpAJyA02irLzCZLAZhuXaatBJ1awcAdAgiyEUcwYdOwYMuX9SK8nSg7ocsa HyP9SrHYLe8CqWnfFKOHvjgitU3DZm2/UfTUtNavRCJyZS8n2c4glvK1tE9yzJic6A1W Ps+khOPOShlX8ra7nr1B7D4xFvAxnzAdDPhi1hGSjIkkWsoYyIL5SpZfy20SHFnU+yJx 54IGgsxYG7udFO4IhAtd9+JsT+nXvG6xLi4nQEI6Uu3zQIdSBQTOmrMobo0gVk/4v6mv TeZhpvw4RflJHQPOFd3RuZ3chehTaTMNR8WJj+BFdxjnQ9/XA9B9FYCpqbLL42GitLXS B8pg== X-Gm-Message-State: AOAM530MmVFP2tWowrpkE4JGm4twcF4vZPsLX0XbmGR9gV6EiMqn8/+/ cfeLB+jRd+K4M0rurWcNXhyzODqEDmg= X-Received: by 2002:a05:620a:1592:: with SMTP id d18mr925298qkk.329.1619129350751; Thu, 22 Apr 2021 15:09:10 -0700 (PDT) Received: from localhost.localdomain ([191.83.218.38]) by smtp.gmail.com with ESMTPSA id x85sm3237136qkb.44.2021.04.22.15.09.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 22 Apr 2021 15:09:10 -0700 (PDT) From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Thu, 22 Apr 2021 19:07:52 -0300 Message-Id: <20210422220752.41938-1-jamrial@gmail.com> X-Mailer: git-send-email 2.31.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avcodec/av1_metadata: don't store the inserted TD OBU in stack X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: pZfoWg+B04WB Fixes: stack-use-after-return Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-5931515701755904 Fixes: clusterfuzz-testcase-minimized-ffmpeg_BSF_AV1_METADATA_fuzzer-6105676541722624 Signed-off-by: James Almer --- libavcodec/av1_metadata_bsf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavcodec/av1_metadata_bsf.c b/libavcodec/av1_metadata_bsf.c index 328db5c0da..b1ae364431 100644 --- a/libavcodec/av1_metadata_bsf.c +++ b/libavcodec/av1_metadata_bsf.c @@ -28,6 +28,7 @@ typedef struct AV1MetadataContext { CBSBSFContext common; int td; + AV1RawOBU td_obu; int color_primaries; int transfer_characteristics; @@ -107,7 +108,7 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt, CodedBitstreamFragment *frag) { AV1MetadataContext *ctx = bsf->priv_data; - AV1RawOBU td, *obu; + AV1RawOBU *obu; int err, i; for (i = 0; i < frag->nb_units; i++) { @@ -124,12 +125,12 @@ static int av1_metadata_update_fragment(AVBSFContext *bsf, AVPacket *pkt, if (ctx->td == BSF_ELEMENT_REMOVE) ff_cbs_delete_unit(frag, 0); } else if (pkt && ctx->td == BSF_ELEMENT_INSERT) { - td = (AV1RawOBU) { + ctx->td_obu = (AV1RawOBU) { .header.obu_type = AV1_OBU_TEMPORAL_DELIMITER, }; err = ff_cbs_insert_unit_content(frag, 0, AV1_OBU_TEMPORAL_DELIMITER, - &td, NULL); + &ctx->td_obu, NULL); if (err < 0) { av_log(bsf, AV_LOG_ERROR, "Failed to insert Temporal Delimiter.\n"); return err;