From patchwork Sun Sep 18 17:13:58 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38009
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:13:58 +0200
Message-Id: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 01/13] avformat/flvdec: Use 64bit for sum_flv_tag_size

Fixes: signed integer overflow: 2138820085 + 16130322 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_LIVE_FLV_fuzzer-6704728165187584
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/flvdec.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/flvdec.c b/libavformat/flvdec.c index 7f9d7950448..d83edff727c 100644 --- a/libavformat/flvdec.c +++ b/libavformat/flvdec.c @@ -66,7 +66,7 @@ typedef struct FLVContext { uint8_t resync_buffer[2*RESYNC_BUFFER_SIZE]; int broken_sizes; - int sum_flv_tag_size; + int64_t sum_flv_tag_size; int last_keyframe_stream_index; int keyframe_count; @@ -1032,7 +1032,7 @@ retry: type = (avio_r8(s->pb) & 0x1F); orig_size = size = avio_rb24(s->pb); - flv->sum_flv_tag_size += size + 11; + flv->sum_flv_tag_size += size + 11LL; dts = avio_rb24(s->pb); dts |= (unsigned)avio_r8(s->pb) << 24; av_log(s, AV_LOG_TRACE, "type:%d, size:%d, last:%d, dts:%"PRId64" pos:%"PRId64"\n", type, size, last, dts, avio_tell(s->pb));
@@ -1332,7 +1332,7 @@ leave: !avio_feof(s->pb) && (last != orig_size || !last) && last != flv->sum_flv_tag_size && !flv->broken_sizes) { - av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %d\n", last, orig_size + 11, flv->sum_flv_tag_size); + av_log(s, AV_LOG_ERROR, "Packet mismatch %d %d %"PRId64"\n", last, orig_size + 11, flv->sum_flv_tag_size); avio_seek(s->pb, pos + 1, SEEK_SET); ret = resync(s); av_packet_unref(pkt);

From patchwork Sun Sep 18 17:13:59 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38017
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:13:59 +0200
Message-Id: <20220918171410.31835-2-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 02/13] avformat/mxfdec: Check run_in to fit in int and be valid

Fixes: signed integer overflow: 9223372036854775807 - -2146905566 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-6570996594769920
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/mxfdec.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c index e63e803aa56..da81fea3bc1 100644 --- a/libavformat/mxfdec.c +++ b/libavformat/mxfdec.c
@@ -3681,6 +3681,7 @@ static int mxf_read_header(AVFormatContext *s) KLVPacket klv; int64_t essence_offset = 0; int ret; + int64_t run_in; mxf->last_forward_tell = INT64_MAX; 
@@ -3690,7 +3691,10 @@ static int mxf_read_header(AVFormatContext *s) } avio_seek(s->pb, -14, SEEK_CUR); mxf->fc = s; - mxf->run_in = avio_tell(s->pb); + run_in = avio_tell(s->pb); + if (run_in < 0 || run_in != (int)run_in) + return AVERROR_INVALIDDATA; + mxf->run_in = run_in; mxf_read_random_index_pack(s);

From patchwork Sun Sep 18 17:14:00 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38012
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:00 +0200
Message-Id: <20220918171410.31835-3-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 03/13] avformat/nutdec: Check fields

Fixes: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_NUT_fuzzer-6566001610719232
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/nutdec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavformat/nutdec.c b/libavformat/nutdec.c index 8cc56615ad7..24dedc47582 100644 --- a/libavformat/nutdec.c +++ b/libavformat/nutdec.c
@@ -245,6 +245,11 @@ static int decode_main_header(NUTContext *nut) for (i = 0; i < 256;) { int tmp_flags = ffio_read_varlen(bc); int tmp_fields = ffio_read_varlen(bc); + if (tmp_fields < 0) { + av_log(s, AV_LOG_ERROR, "fields %d is invalid\n", tmp_fields); + ret = AVERROR_INVALIDDATA; + goto fail; + } if (tmp_fields > 0) tmp_pts = get_s(bc);

From patchwork Sun Sep 18 17:14:01 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38013
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:01 +0200
Message-Id: <20220918171410.31835-4-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 04/13] avformat/rmdec: check tag_size

Fixes: signed integer overflow: -2147483648 - 8 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_RM_fuzzer-6598073725353984
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/rmdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c index 881d7002add..0f1534b5820 100644 --- a/libavformat/rmdec.c +++ b/libavformat/rmdec.c
@@ -563,6 +563,8 @@ static int rm_read_header(AVFormatContext *s) } tag_size = avio_rb32(pb); + if (tag_size < 0) + return AVERROR_INVALIDDATA; avio_skip(pb, tag_size - 8); for(;;) {

From patchwork Sun Sep 18 17:14:02 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38007
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:02 +0200
Message-Id: <20220918171410.31835-5-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 05/13] avformat/sbgdec: clamp end_ts

Fixes: signed integer overflow: 9223372036851135042 + 15666854 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6573717339111424
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/sbgdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index 8a6d6790566..4cd12347e7b 100644 --- a/libavformat/sbgdec.c +++ b/libavformat/sbgdec.c
@@ -1478,7 +1478,7 @@ static int sbg_read_packet(AVFormatContext *avf, AVPacket *packet) int ret; ts = ffstream(avf->streams[0])->cur_dts; - end_ts = ts + avf->streams[0]->codecpar->frame_size; + end_ts = av_sat_add64(ts, avf->streams[0]->codecpar->frame_size); if (avf->streams[0]->duration != AV_NOPTS_VALUE) end_ts = FFMIN(avf->streams[0]->start_time + avf->streams[0]->duration, end_ts);

From patchwork Sun Sep 18 17:14:03 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38006
From patchwork Sun Sep 18 17:14:03 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38006
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:03 +0200
Message-Id: <20220918171410.31835-6-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 06/13] avformat/sbgdec: Check ts_int in genrate_intervals

There is probably a better place to check for this, but better here than nowhere

Fixes: signed integer overflow: -9223372036824775808 - 86400000000 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SBG_fuzzer-6601162580688896

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/sbgdec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavformat/sbgdec.c b/libavformat/sbgdec.c index 4cd12347e7b..5edb9664cc3 100644 --- a/libavformat/sbgdec.c
+++ b/libavformat/sbgdec.c 
@@ -1317,6 +1317,8 @@ static int generate_intervals(void *log, struct sbg_script *s, int sample_rate, /* Pseudo event before the first one */ ev0 = s->events[s->nb_events - 1]; + if (av_sat_sub64(ev0.ts_int, period) != (uint64_t)ev0.ts_int - period) + return AVERROR_INVALIDDATA; ev0.ts_int -= period; ev0.ts_trans -= period; ev0.ts_next -= period;
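Review bot: Only ev0.ts_int is tested before the three subtractions; ev0.ts_trans -= period and ev0.ts_next -= period on the following lines use the same period with no check and can overflow the same way unless they are bounded relative to ts_int elsewhere. Either check all three fields or state in a comment why checking ts_int is sufficient. The comparison av_sat_sub64(...) != (uint64_t)ev0.ts_int - period also relies on unsigned wraparound and an implicit signed-to-unsigned conversion to detect saturation, which deserves a one-line comment.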
From patchwork Sun Sep 18 17:14:04 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38008
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:04 +0200
Message-Id: <20220918171410.31835-7-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 07/13] avformat/sdsdec: Use av_rescale() to avoid intermediate overflow in duration calculation

Fixes: signed integer overflow: 72128794995445727 * 240 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_SDS_fuzzer-6628185583779840

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/sdsdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/sdsdec.c b/libavformat/sdsdec.c index f98096dca98..d296500beca 100644 --- a/libavformat/sdsdec.c +++ b/libavformat/sdsdec.c
@@ -112,7 +112,7 @@ static int sds_read_header(AVFormatContext *ctx) st->codecpar->codec_type = AVMEDIA_TYPE_AUDIO; st->codecpar->ch_layout.nb_channels = 1; st->codecpar->sample_rate = sample_period ? 1000000000 / sample_period : 16000; - st->duration = (avio_size(pb) - 21) / (127) * s->size / 4; + st->duration = av_rescale((avio_size(pb) - 21) / 127, s->size, 4); avpriv_set_pts_info(st, 64, 1, st->codecpar->sample_rate);
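Review bot: avio_size(pb) is used unchecked in (avio_size(pb) - 21) / 127, so an error return (negative) or a file shorter than the 21 bytes subtracted here goes straight into the duration computation; check the size first and leave st->duration unset when it is not usable. Separately, av_rescale() rounds to nearest while the old expression truncated, so the result can be one larger than before; if truncation was intended, av_rescale_rnd() with AV_ROUND_DOWN keeps it.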
From patchwork Sun Sep 18 17:14:05 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38011
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:05 +0200
Message-Id: <20220918171410.31835-8-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 08/13] avformat/xwma: Use av_rescale() for duration computation

Fixes: signed integer overflow: 34242363648 * 538976288 cannot be represented in type 'long'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6577923913547776

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/xwma.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/xwma.c b/libavformat/xwma.c index c16ff1be634..12689f37fd7 100644 --- a/libavformat/xwma.c +++ b/libavformat/xwma.c
@@ -278,7 +278,7 @@ static int xwma_read_header(AVFormatContext *s) * the total duration using the average bits per sample and the * total data length. */ - st->duration = (size<<3) * st->codecpar->sample_rate / st->codecpar->bit_rate; + st->duration = av_rescale((size<<3), st->codecpar->sample_rate, st->codecpar->bit_rate); } fail:
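Review bot: The shift in av_rescale((size<<3), ...) is still evaluated in the type of size before av_rescale() sees it, so a large enough size can overflow there; pass size unshifted and fold the factor 8 into the second argument, or bound size first. The hunk also does not show st->codecpar->bit_rate or sample_rate being checked; av_rescale() returns INT64_MIN when the divisor is zero or negative or the multiplier is negative, and that value would then be stored as the duration.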
From patchwork Sun Sep 18 17:14:06 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38010
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:06 +0200
Message-Id: <20220918171410.31835-9-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 09/13] avformat/rpl: Use 64bit for duration computation

Fixes: signed integer overflow: 24709512 * 88 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-6737973728641024

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/rpl.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/rpl.c b/libavformat/rpl.c index d025589bfc3..3ef6fda3862 100644 --- a/libavformat/rpl.c +++ b/libavformat/rpl.c
@@ -279,7 +279,7 @@ static int rpl_read_header(AVFormatContext *s) error |= read_line(pb, line, sizeof(line)); // size of "helpful" sprite if (vst) { error |= read_line(pb, line, sizeof(line)); // offset to key frame list - vst->duration = number_of_chunks * rpl->frames_per_chunk; + vst->duration = number_of_chunks * (int64_t)rpl->frames_per_chunk; } // Read the index
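Review bot: number_of_chunks and rpl->frames_per_chunk are not range-checked anywhere in this hunk, so with the (int64_t) cast the product no longer overflows but a negative value read from the header still becomes a negative vst->duration. If neither is validated where it is parsed, reject negative values there rather than relying on the widened multiplication alone.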
From patchwork Sun Sep 18 17:14:07 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38014
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:07 +0200
Message-Id: <20220918171410.31835-10-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 10/13] avformat/vividas: Check packet size

Fixes: signed integer overflow: 119760682 - -2084600173 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_VIVIDAS_fuzzer-6745781167587328

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/vividas.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavformat/vividas.c b/libavformat/vividas.c index e9954f73ed0..22f61db7576 100644 --- a/libavformat/vividas.c +++ b/libavformat/vividas.c
@@ -643,7 +643,9 @@ static int viv_read_packet(AVFormatContext *s, if (viv->current_audio_subpacket < viv->n_audio_subpackets) { AVStream *astream; - int size = viv->audio_subpackets[viv->current_audio_subpacket+1].start - viv->audio_subpackets[viv->current_audio_subpacket].start; + int64_t size = viv->audio_subpackets[viv->current_audio_subpacket+1].start - (int64_t)viv->audio_subpackets[viv->current_audio_subpacket].start; + if (size < 0 || size != (int)size) + return AVERROR_INVALIDDATA; pb = viv->sb_pb; ret = av_get_packet(pb, pkt, size);
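Review bot: The new check accepts size == 0, and that value is then passed to av_get_packet(pb, pkt, size); if an empty audio subpacket is not meaningful, make the test size <= 0. The expression also reads audio_subpackets[viv->current_audio_subpacket+1] under the guard current_audio_subpacket < n_audio_subpackets, so it depends on the array holding n_audio_subpackets + 1 entries, which is worth a comment or an assert since it is not visible here.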
From patchwork Sun Sep 18 17:14:08 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38015
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:08 +0200
Message-Id: <20220918171410.31835-11-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 11/13] avformat/spdifdec: Use 64bit to compute bit rate

Fixes: signed integer overflow: 32 * 553590816 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WAV_fuzzer-6564974517944320

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
 libavformat/spdifdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavformat/spdifdec.c b/libavformat/spdifdec.c index 2af75ca9dbd..672133581a8 100644 --- a/libavformat/spdifdec.c +++ b/libavformat/spdifdec.c 
@@ -226,7 +226,7 @@ int ff_spdif_read_packet(AVFormatContext *s, AVPacket *pkt) if (!s->bit_rate && s->streams[0]->codecpar->sample_rate) /* stream bitrate matches 16-bit stereo PCM bitrate for currently supported codecs */ - s->bit_rate = 2 * 16 * s->streams[0]->codecpar->sample_rate; + s->bit_rate = 2 * 16LL * s->streams[0]->codecpar->sample_rate; return 0; }
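Review bot: The guard only tests that s->streams[0]->codecpar->sample_rate is non-zero, so a negative sample_rate still produces a negative s->bit_rate even with the 64-bit multiply; test sample_rate > 0 instead. As a style point, 2 * 16LL depends on where the suffix sits to widen the whole product; 32LL * ... or an (int64_t) cast on sample_rate states the intent more directly.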
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:09 +0200
Message-Id: <20220918171410.31835-12-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 12/13] avformat/matroskadec: Error out if a timestamp is beyond duration

Maybe timestamp / duration validity should be checked earlier

Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WEBM_DASH_MANIFEST_fuzzer-6586894739177472
Fixes: signed integer overflow: 0 - -9223372036854775808 cannot be represented in type 'long'
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
libavformat/matroskadec.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/libavformat/matroskadec.c b/libavformat/matroskadec.c index 16a3e936110..8b079e11104 100644
--- a/libavformat/matroskadec.c +++ b/libavformat/matroskadec.c @@ -4009,7 +4009,8 @@ typedef struct { /* This function searches all the Cues and returns the CueDesc corresponding to * the timestamp ts. Returned CueDesc will be such that start_time_ns <= ts < - * end_time_ns. All 4 fields will be set to -1 if ts >= file's duration. + * end_time_ns. All 4 fields will be set to -1 if ts >= file's duration or + * if an error occurred. */ static CueDesc get_cue_desc(AVFormatContext *s, int64_t ts, int64_t cues_start) { MatroskaDemuxContext *matroska = s->priv_data; 
@@ -4028,6 +4029,8 @@ static CueDesc get_cue_desc(AVFormatContext *s, int64_t ts, int64_t cues_start) } } --i; + if (index_entries[i].timestamp > matroska->duration) + return (CueDesc) {-1, -1, -1, -1}; cue_desc.start_time_ns = index_entries[i].timestamp * matroska->time_scale; cue_desc.start_offset = index_entries[i].pos - matroska->segment_start; if (i != nb_index_entries - 1) {
From patchwork Sun Sep 18 17:14:10 2022
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 38016
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 18 Sep 2022 19:14:10 +0200
Message-Id: <20220918171410.31835-13-michael@niedermayer.cc>
In-Reply-To: <20220918171410.31835-1-michael@niedermayer.cc>
References: <20220918171410.31835-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 13/13] avformat/westwood_vqa: Check chunk size

Fixes: signed integer overflow: 2147483647 + 1 cannot be represented in type 'int'
Fixes: 50993/clusterfuzz-testcase-minimized-ffmpeg_dem_WSVQA_fuzzer-6593408795279360
Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer
---
libavformat/westwood_vqa.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/libavformat/westwood_vqa.c b/libavformat/westwood_vqa.c index e3d2e2668c4..bd8df5e0b34 100644 --- a/libavformat/westwood_vqa.c +++ b/libavformat/westwood_vqa.c
@@ -274,6 +274,8 @@ static int wsvqa_read_packet(AVFormatContext *s, return AVERROR(EIO); /* the decoder expects chunks to be 16-bit aligned */ + if (wsvqa->vqfl_chunk_size == INT_MAX) + return AVERROR_INVALIDDATA; if (wsvqa->vqfl_chunk_size % 2 == 1) wsvqa->vqfl_chunk_size++;
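
Review bot: In the libavformat/spdifdec.c hunk (@@ -226,7 +226,7 @@, ff_spdif_read_packet), the guard "s->streams[0]->codecpar->sample_rate" only tests for non-zero, so a negative sample rate still reaches the assignment and produces a negative s->bit_rate. Consider tightening the condition to "s->streams[0]->codecpar->sample_rate > 0". Minor style point: the LL suffix sits on the middle operand; writing "2LL * 16 * ..." or "32LL * ..." makes the widening visible at the start of the expression.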
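
Review bot: In the first libavformat/matroskadec.c hunk (@@ -4009,7 +4009,8 @@), the updated comment on get_cue_desc() makes the all -1 result mean both "ts >= file's duration" and "an error occurred", so a caller cannot tell a request past the end from a rejected index entry. The comment should name the error condition (an index entry whose timestamp is greater than the duration), and a log message at the new return site would keep the two cases distinguishable when debugging.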
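
Review bot: In the second libavformat/matroskadec.c hunk (@@ -4028,6 +4029,8 @@), the new test only rejects index_entries[i].timestamp values above matroska->duration; nothing bounds the value from below, and the multiplication on the next line, "index_entries[i].timestamp * matroska->time_scale", is still unchecked. The commit message cites "0 - -9223372036854775808", so please state in the message which expression produced that minimum value and why an upper bound on the timestamp prevents it. If the product can still overflow for a timestamp that passes this test, the check belongs on the product or, as the message itself suggests, earlier where the timestamp and duration are validated.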
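
Review bot: In the libavformat/westwood_vqa.c hunk (@@ -274,6 +274,8 @@, wsvqa_read_packet), the new test rejects only the single value INT_MAX, which is the one case where the following "wsvqa->vqfl_chunk_size++" overflows, but it leaves the alignment logic open to negative sizes: for a negative odd int, "vqfl_chunk_size % 2" is -1 in C, so the "== 1" test is false and the size is passed on unaligned. If the field can be negative at this point, reject it in the same place (for example "vqfl_chunk_size < 0 || vqfl_chunk_size == INT_MAX"), or validate the size where it is read. Also, the new lines were inserted below the comment "the decoder expects chunks to be 16-bit aligned", which now sits on the INT_MAX check rather than on the rounding; move the check above the comment.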