From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 23 Mar 2022 00:07:09 +0100
Subject: [FFmpeg-devel] [PATCH 1/4] avcodec/vp9_raw_reorder_bsf: Check for existence of data before reading it

Signed-off-by: Andreas Rheinhardt
---
@michaelni: Please tell me the exact fuzzer issue id.

libavcodec/vp9_raw_reorder_bsf.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavcodec/vp9_raw_reorder_bsf.c b/libavcodec/vp9_raw_reorder_bsf.c index 6562399159..1608360fe1 100644 --- a/libavcodec/vp9_raw_reorder_bsf.c +++ b/libavcodec/vp9_raw_reorder_bsf.c
@@ -292,6 +292,11 @@ static int vp9_raw_reorder_filter(AVBSFContext *bsf, AVPacket *out) return err; } + if (!in->size) { + av_packet_free(&in); + return AVERROR_INVALIDDATA; + } + if ((in->data[in->size - 1] & 0xe0) == 0xc0) { av_log(bsf, AV_LOG_ERROR, "Input in superframes is not " "supported.\n");
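
Review bot: the new `if (!in->size)` branch in vp9_raw_reorder_filter rejects every empty packet with AVERROR_INVALIDDATA, whereas patches 2/4 and 4/4 of this series can pass a zero-sized packet through; the commit message does not say why this filter differs, so please state the reason there or in a comment above the check. The error is also returned without an av_log call, unlike the superframe rejection directly below it, so a caller gets no hint that an empty packet was the cause.
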
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 23 Mar 2022 00:09:10 +0100
Subject: [FFmpeg-devel] [PATCH 2/4] avcodec/vp9_superframe_bsf: Check for existence of data before reading it

Packets without data need to be handled specially in order to avoid undefined reads. Pass these packets through unchanged in case there are no cached packets* and error out in case there are cached packets: Returning the packet would mess with the order of the packets; if one returned the zero-sized packet before the superframe that will be created from the packets in the cache, the zero-sized packet would overtake the packets in the cache; if one returned the packet later, the packets that complete the superframe will overtake the zero-sized packet.

*: This case e.g. encompasses the scenario of updated extradata side-data at the end.

Fixes: Out of array read
Fixes: 45722/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_fuzzer-5173378975137792
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Andreas Rheinhardt
---
The current way of passthrough has been suggested by James.

libavcodec/vp9_superframe_bsf.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/libavcodec/vp9_superframe_bsf.c b/libavcodec/vp9_superframe_bsf.c index 57681e29e4..df9b97fa3c 100644 --- a/libavcodec/vp9_superframe_bsf.c +++ b/libavcodec/vp9_superframe_bsf.c
@@ -108,6 +108,15 @@ static int vp9_superframe_filter(AVBSFContext *ctx, AVPacket *pkt) if (res < 0) return res; + if (!pkt->size) { + /* In case the cache is empty we can pass side-data-only packets + * through unchanged. Otherwise, such a packet makes no sense. */ + if (!s->n_cache) + return 0; + res = AVERROR_INVALIDDATA; + goto done; + } + marker = pkt->data[pkt->size - 1]; if ((marker & 0xe0) == 0xc0) { int nbytes = 1 + ((marker >> 3) & 0x3);
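
Review bot: the `res = AVERROR_INVALIDDATA; goto done;` path in the new `!pkt->size` block fails without logging anything, so a user whose stream carries an empty packet while frames are cached only sees a generic invalid-data error; an av_log(ctx, AV_LOG_ERROR, ...) before the goto would make the cause visible. The in-code comment says such a packet "makes no sense", which does not convey the reordering argument given in the commit message; one sentence on why the packet can be emitted neither before nor after the pending superframe would help the next reader.
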
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 23 Mar 2022 00:09:11 +0100
Subject: [FFmpeg-devel] [PATCH 3/4] avcodec/vp9_superframe_split_bsf: Discard invalid zero-sized frames

They are invalid in VP9. If any of the frames inside a superframe had a size of zero, the code would either read into the next frame or into the superframe index; so check for the length to stop this.

Signed-off-by: Andreas Rheinhardt
---
Now split into a patch of its own.

libavcodec/vp9_superframe_split_bsf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c index ed0444561a..7f0cad1ea0 100644 --- a/libavcodec/vp9_superframe_split_bsf.c +++ b/libavcodec/vp9_superframe_split_bsf.c
@@ -70,7 +70,7 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) frame_size |= bytestream2_get_byte(&bc) << (j * 8); total_size += frame_size; - if (frame_size < 0 || total_size > in->size - idx_size) { + if (frame_size <= 0 || total_size > in->size - idx_size) { av_log(ctx, AV_LOG_ERROR, "Invalid frame size in a superframe: %d\n", frame_size); ret = AVERROR(EINVAL);
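
Review bot: the subject says zero-sized frames are discarded, but widening `frame_size < 0` to `frame_size <= 0` sends them down the existing error path (av_log plus `ret = AVERROR(EINVAL)`), which rejects the whole superframe rather than dropping one frame; please reword the subject to match, for example "Reject superframes containing zero-sized frames". This path also returns AVERROR(EINVAL) while the checks added in patches 1/4 and 2/4 return AVERROR_INVALIDDATA for malformed input, so it is worth deciding whether the split filter should use the same code.
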
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 23 Mar 2022 00:09:12 +0100
Subject: [FFmpeg-devel] [PATCH 4/4] avcodec/vp9_superframe_split_bsf: Don't read inexistent data

Fixes: Out of array read
Fixes: 45137/clusterfuzz-testcase-minimized-ffmpeg_BSF_VP9_SUPERFRAME_SPLIT_fuzzer-4984270639202304
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Andreas Rheinhardt
---
libavcodec/vp9_superframe_split_bsf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/vp9_superframe_split_bsf.c b/libavcodec/vp9_superframe_split_bsf.c index 7f0cad1ea0..c9cf21b541 100644 --- a/libavcodec/vp9_superframe_split_bsf.c +++ b/libavcodec/vp9_superframe_split_bsf.c @@ -51,6 +51,9 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) return ret; in = s->buffer_pkt; + if (!in->size) + goto passthrough; + marker = in->data[in->size - 1]; if ((marker & 0xe0) == 0xc0) { int length_size = 1 + ((marker >> 3) & 0x3); @@ -121,6 +124,7 @@ static int vp9_superframe_split_filter(AVBSFContext *ctx, AVPacket *out) out->pts = AV_NOPTS_VALUE; } else { +passthrough: av_packet_move_ref(out, s->buffer_pkt); }
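
Review bot: the `if (!in->size) goto passthrough;` check added in the first hunk of patch 4/4 carries no comment and the commit message has no body, so nothing records why an empty packet is forwarded here while patch 1/4 returns AVERROR_INVALIDDATA for the same condition; a one-line comment like the one added in patch 2/4 (side-data-only packets) would cover it.
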
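
Review bot: the `passthrough:` label in the second hunk of patch 4/4 sits inside the `else` branch, so the goto from the first hunk jumps into the middle of an if/else; this is valid C but easy to misread and fragile if a declaration is later added to that block. Consider restructuring so that both paths reach the av_packet_move_ref(out, s->buffer_pkt) call without jumping into a block.
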