From patchwork Thu Jun 16 15:58:09 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thilo Borgmann <thilo.borgmann@mail.de>
X-Patchwork-Id: 36256
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a05:6a20:1a22:b0:84:42e0:ad30 with SMTP id
 cj34csp1015614pzb;
        Thu, 16 Jun 2022 08:58:22 -0700 (PDT)
X-Google-Smtp-Source: 
 AGRyM1uE96v8xmNM5m5p/hb31wERmmjdLmsjRcwFHYXSACak4BMEAxNISUx9Ut0fCaExXx3sYIzK
X-Received: by 2002:a17:907:a427:b0:71b:6f0b:8beb with SMTP id
 sg39-20020a170907a42700b0071b6f0b8bebmr2938158ejc.496.1655395101720;
        Thu, 16 Jun 2022 08:58:21 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1655395101; cv=none;
        d=google.com; s=arc-20160816;
        b=q3bhQrmLN2Fq0sYvq83Xcs26KAnky5EEkI6S9M6PzZa/qNCcat2RVklBG38VmNOCoP
         O5wSY7g+iBlpCRcP6DqiprqJDl0GJ0KQGqejgBoV7LsrWE+igNDTHZGH9AhTVwgSii68
         2EIrLuCwP0Olj+v/IuuAXdz6kD5FVnNPk6oM+0T8HAgcFueAHYw73oaKLkrJtIUaMQ3b
         n/VfPa8k3iImdo3mmLMKwf+wiAoqvcrfC5o4NkEaqBqF6mmhibCsqJ3RS5hytn4/dFN9
         7MQuP22iyhO8+g+HSwRwr9bbSu0fKbE+/DmVNn4b9o4/3g0E4TrK2aioe1xseg+2faKF
         WtBQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:reply-to:list-subscribe:list-help:list-post
         :list-archive:list-unsubscribe:list-id:precedence:subject:from:to
         :content-language:mime-version:date:message-id:dkim-signature
         :delivered-to;
        bh=sbpIbkLToWRPw2qkJrNVUpVv7o5YzzKeLITkGVkEU7Q=;
        b=NEUNwko2tqF0xdOa/nONEHEKGAEtj3whJRCiHbC74klPdzbgOMgxv74dCsQpHav/2l
         lzNv8W/P3GlaySzcPvoFJ+TuxZIsBgdBCC6ZCYjaBWvSa/n11cz1QMA1otlcDPFcqIwT
         2RyBbqVXUbV2L5Q5JkDFt+0EPSDlBBitqP5fJSo/7sIqFL8aMyvajf8b3N/k6kSfpJZD
         P1ceZglRC3/O9iZVOkQItb/4DCS/d/O7qPTPfgHrHYXrgf9lUx4a4Wq2lgwcU9HSnc3j
         c4EqUtYP4BSTixu/yDEVp/pTS7urNfbr9IatjC9DO+XxXtPl3/EHCruy0jK13Y1ThXOy
         981A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@mail.de
 header.s=mailde202009 header.b="5DaPSAy/";
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mail.de
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 go19-20020a1709070d9300b006f39645649asi2257839ejc.639.2022.06.16.08.58.20;
        Thu, 16 Jun 2022 08:58:21 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@mail.de
 header.s=mailde202009 header.b="5DaPSAy/";
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=mail.de
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id BF7D268B7F3;
	Thu, 16 Jun 2022 18:58:17 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from shout02.mail.de (shout02.mail.de [62.201.172.25])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 2A7AF68B7B8
 for <ffmpeg-devel@ffmpeg.org>; Thu, 16 Jun 2022 18:58:11 +0300 (EEST)
Received: from postfix03.mail.de (postfix03.bt.mail.de [10.0.121.127])
 by shout02.mail.de (Postfix) with ESMTP id C9379A0C6D
 for <ffmpeg-devel@ffmpeg.org>; Thu, 16 Jun 2022 17:58:10 +0200 (CEST)
Received: from smtp01.mail.de (smtp01.bt.mail.de [10.0.121.211])
 by postfix03.mail.de (Postfix) with ESMTP id AE9E38020B
 for <ffmpeg-devel@ffmpeg.org>; Thu, 16 Jun 2022 17:58:10 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.de;
 s=mailde202009; t=1655395090;
 bh=jmxlnExVTeXvlCT/Zz6IulTCi6Qi+4P3xvcxjwnilOg=;
 h=Message-ID:Date:To:From:Subject:From:To:CC:Subject:Reply-To;
 b=5DaPSAy/46Hq0oEpT9DgDteW5alD0gKfmK/SFah12saY46Am+FmmU3x/oZqvUJqb/
 M6QBpeBe8ZW5/5AFR7IhywKZLGgnx4lDt3kr5oM+aew+Jf2Mn1d3TlCrQhhXb1BbQZ
 8ir0WewATf670vGG9WZPwFYKxjiBhJOp4edNnN1xE155I2nLmG0HoKo5nMU7/PQUWC
 NQ4oQvwKP65qc1BuN+s7n4WqoixTrGBQa9HVr6ZJ3PfSYF4OYPaERtZ6BRMR4U+rxm
 jdqd8siK2DJk3GzUxBwke2ATNggKWFi9V6iIBgoNQ+bZQI+HyaogxCHi9V0v6Qmgaz
 JSIUMde07cqeQ==
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by smtp01.mail.de (Postfix) with ESMTPSA id 7E877102945
 for <ffmpeg-devel@ffmpeg.org>; Thu, 16 Jun 2022 17:58:10 +0200 (CEST)
Message-ID: <23aa6fad-bd13-6aeb-cc27-8b2bd3497b8d@mail.de>
Date: Thu, 16 Jun 2022 17:58:09 +0200
MIME-Version: 1.0
Content-Language: en-US
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
From: Thilo Borgmann <thilo.borgmann@mail.de>
X-purgate: clean
X-purgate: This mail is considered clean (visit http://www.eleven.de for
 further information)
X-purgate-type: clean
X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de
X-purgate: This mail is considered clean (visit http://www.eleven.de for
 further information)
X-purgate: clean
X-purgate-size: 1825
X-purgate-ID: 154282::1655395090-000005DA-042FB084/0/0
Subject: [FFmpeg-devel] [PATCH] lavc/libx264.c: Fix possible UB by NULL
 pointer LHS
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: jh4HHH2OHhqN

Hi,

the LHS pointer might be NULL so that += would be UB.

Thanks,
Thilo
From cfb7ce8092c34436fae3120645aa96fe082af4ea Mon Sep 17 00:00:00 2001
From: Michael Goulet <mgoulet@fb.com>
Date: Thu, 16 Jun 2022 17:52:56 +0200
Subject: [PATCH] lavc/libx264.c: Fix possible UB by NULL pointer LHS

It is UB to attempt to do pointer arithmetic on NULL pointer LHS, even if that pointer arithmetic ends up being "+= 0" (i.e. !!p == 0 if p == NULL).
---
 libavcodec/libx264.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/libx264.c b/libavcodec/libx264.c
index 14177b3016..616d855067 100644
--- a/libavcodec/libx264.c
+++ b/libavcodec/libx264.c
@@ -940,7 +940,9 @@ static av_cold int X264_init(AVCodecContext *avctx)
                     return ret;
             }
             p= strchr(p, ':');
-            p+=!!p;
+            if (p) {
+                ++p;
+            }
         }
     }