From patchwork Thu Apr 13 13:59:54 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Khirnov X-Patchwork-Id: 41145 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:4645:b0:e3:3194:9d20 with SMTP id eb5csp1270526pzb; Thu, 13 Apr 2023 07:00:15 -0700 (PDT) X-Google-Smtp-Source: AKy350YW2Fw29f40Ff1RCAUw8v3VYAkKkXW/aRIEeUWbK0O3EnRwFySpSADjWLn8eYzkhAzDIJYQ X-Received: by 2002:a17:907:3e16:b0:91f:5845:4e3c with SMTP id hp22-20020a1709073e1600b0091f58454e3cmr3825307ejc.42.1681394415165; Thu, 13 Apr 2023 07:00:15 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1681394415; cv=none; d=google.com; s=arc-20160816; b=xZC2CWyOjID3IZw74UXPO5OIEU36/ovSbTrezbIDWYzgkox8c8UojFDJ22KRPmEU/c QsLtE2d1qENuioWq6QvDv8HmuV9S9LLM2bMAni8z5xVHg7Hsjd2O7/40YxsMi38FlzEH cIfq9WbEQS7LThZQvMlX7rN3iAP4x/rFDvGZepxH9nqKpTwf0yep2VEsLdoULU+LQ/WB NIjqd/oRA9kR/6XsNkptMgPRckI0nDI8mIbAdPtwF1MjsqzPd5+TmwdYDAxP/733OGvi 9VD2wFnQpSEfjKSFvk69GBLsfLsj4Pdtk6qdlqRtTW8QxUoTwYHx5whw62s988P4RJPm htpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:message-id:date:to:from :delivered-to; bh=6AUdCtiMZM0znSzdZP4w0tWLf6oRLgWgq/JkgjgDTVw=; b=IypEp2ocCwMlMFnm+VMDwLLuUD+oa4kWoeQGja8O9sAFcOHfGuKxPfqehO5YwY80dn OzvlXd1h5O53XAEwfWeWgBOQVO+TQTBNUFs068WukqWP/dEew7YcAlCWx53DBde7021V XaOGopsJGyvLaOjb01FNvR6iTUkb60ggm42w4qUN3lkyL8ZrO/x9PdjpeoGq3LU+8R9M nToSJauEm+kuO6WFM/2WH0G+XC6n/e+7yqG+vGX1qlDYUxlFvFjaSWtsV+e0NFh+HQp7 kVXowlSKB07n47sZxT3WkfLdt5Ay5KEczvQmWwUNeLs+Od/+O8/LXZbYwP9wXc4feiic IOsw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id j23-20020a1709064b5700b0094a9d9bdd90si1799926ejv.749.2023.04.13.07.00.13; Thu, 13 Apr 2023 07:00:15 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 209FE68BE84; Thu, 13 Apr 2023 17:00:10 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail0.khirnov.net (red.khirnov.net [176.97.15.12]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4A39068BE67 for ; Thu, 13 Apr 2023 17:00:03 +0300 (EEST) Received: from localhost (localhost [IPv6:::1]) by mail0.khirnov.net (Postfix) with ESMTP id 42B0C2404EE for ; Thu, 13 Apr 2023 16:00:02 +0200 (CEST) Received: from mail0.khirnov.net ([IPv6:::1]) by localhost (mail0.khirnov.net [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id hmhJJcqRdf4V for ; Thu, 13 Apr 2023 16:00:01 +0200 (CEST) Received: from libav.khirnov.net (libav.khirnov.net [IPv6:2a00:c500:561:201::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "libav.khirnov.net", Issuer "smtp.khirnov.net SMTP CA" (verified OK)) by mail0.khirnov.net (Postfix) with ESMTPS id 6B3852404EC for ; Thu, 13 Apr 2023 16:00:01 +0200 (CEST) Received: from libav.khirnov.net (libav.khirnov.net [IPv6:::1]) by libav.khirnov.net (Postfix) with ESMTP id 158313A038E for ; Thu, 13 Apr 2023 15:59:55 +0200 (CEST) From: Anton Khirnov To: ffmpeg-devel@ffmpeg.org Date: Thu, 13 Apr 2023 15:59:54 +0200 Message-Id: <20230413135954.26658-1-anton@khirnov.net> X-Mailer: git-send-email 2.39.1 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] fftools/ffmpeg: avoid possible invalid reads with short -tag values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: ncsOiyGEtU6E Fixes #10319. --- fftools/ffmpeg_demux.c | 8 ++++++-- fftools/ffmpeg_mux_init.c | 7 +++++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c index b9849d1669..d89e28b9f6 100644 --- a/fftools/ffmpeg_demux.c +++ b/fftools/ffmpeg_demux.c @@ -736,8 +736,12 @@ static void add_input_streams(const OptionsContext *o, Demuxer *d) MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st); if (codec_tag) { uint32_t tag = strtol(codec_tag, &next, 0); - if (*next) - tag = AV_RL32(codec_tag); + if (*next) { + uint8_t buf[4] = { 0 }; + memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag))); + tag = AV_RL32(buf); + } + st->codecpar->codec_tag = tag; } diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c index 62e5643a04..aab423464c 100644 --- a/fftools/ffmpeg_mux_init.c +++ b/fftools/ffmpeg_mux_init.c @@ -610,8 +610,11 @@ static OutputStream *new_output_stream(Muxer *mux, const OptionsContext *o, MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st); if (codec_tag) { uint32_t tag = strtol(codec_tag, &next, 0); - if (*next) - tag = AV_RL32(codec_tag); + if (*next) { + uint8_t buf[4] = { 0 }; + memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag))); + tag = AV_RL32(buf); + } ost->st->codecpar->codec_tag = tag; if (ost->enc_ctx) ost->enc_ctx->codec_tag = tag;