From patchwork Sun Oct 22 03:04:34 2023
X-Patchwork-Submitter: Nuo Mi
X-Patchwork-Id: 44308
From: Nuo Mi
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 22 Oct 2023 11:04:34 +0800
X-Microsoft-Original-Message-ID: <20231022030435.3438-1-nuomi2021@gmail.com>
Subject: [FFmpeg-devel] [PATCH] avcodec/cbs_h266: fix SPS VUI extension data leak
Fixes: VUI extension leak Fixes: 63004/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4928832253329408 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg --- libavcodec/cbs_h2645.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c index 470f60b95f..ef631a11fe 100644 --- a/libavcodec/cbs_h2645.c +++ b/libavcodec/cbs_h2645.c @@ -1979,6 +1979,13 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h265_unit_types[] = { CBS_UNIT_TYPE_END_OF_LIST }; +static void cbs_h266_free_sps(FFRefStructOpaque unused, void *content) +{ + H266RawSPS *sps = (H266RawSPS*)content; + av_buffer_unref(&sps->extension_data.data_ref); + av_buffer_unref(&sps->vui.extension_data.data_ref); +} + static void cbs_h266_free_sei(FFRefStructOpaque unused, void *content) { H266RawSEI *sei = content; @@ -1989,7 +1996,6 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h266_unit_types[] = { CBS_UNIT_TYPE_INTERNAL_REF(VVC_DCI_NUT, H266RawDCI, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_OPI_NUT, H266RawOPI, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_VPS_NUT, H266RawVPS, extension_data.data), - CBS_UNIT_TYPE_INTERNAL_REF(VVC_SPS_NUT, H266RawSPS, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_PPS_NUT, H266RawPPS, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_PREFIX_APS_NUT, H266RawAPS, extension_data.data), CBS_UNIT_TYPE_INTERNAL_REF(VVC_SUFFIX_APS_NUT, H266RawAPS, extension_data.data), 
@@ -2003,6 +2009,8 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h266_unit_types[] = { CBS_UNIT_RANGE_INTERNAL_REF(VVC_IDR_W_RADL, VVC_GDR_NUT, H266RawSlice, data), + CBS_UNIT_TYPE_COMPLEX(VVC_SPS_NUT, H266RawSPS, cbs_h266_free_sps), + CBS_UNIT_TYPES_COMPLEX((VVC_PREFIX_SEI_NUT, VVC_SUFFIX_SEI_NUT), H266RawSEI, cbs_h266_free_sei),
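Review bot: In the first hunk (@@ -1979), `H266RawSPS *sps = (H266RawSPS*)content;` casts a `void *`, which C does not require and which differs from `H266RawSEI *sei = content;` in the function directly below it; drop the cast. A short comment above `cbs_h266_free_sps` stating that it must unref every buffer reference the SPS holds would also help, because a reference added to the struct later but not to this function would leak in the same way the VUI one did.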
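Review bot: In the second hunk (@@ -1989), the removed SPS entry named only `extension_data.data`, and the entries left in place for DCI, OPI, VPS, PPS and APS use the same single-field form, so the patch should say whether any of those types also carries a nested extension buffer that the descriptor does not cover. The commit message gives only "Fixes: VUI extension leak"; please add a sentence explaining that the SPS holds a second reference at `vui.extension_data` that the single-field entry never released.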
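Review bot: In the third hunk (@@ -2003), the new `CBS_UNIT_TYPE_COMPLEX(VVC_SPS_NUT, H266RawSPS, cbs_h266_free_sps)` entry is placed after the slice range instead of between the VPS and PPS entries where the old SPS line was removed; moving it back keeps the parameter sets grouped in the table. The entry also supplies only a free callback, whereas the removed one told the framework where the reference lived: please confirm that code needing a writable or copied SPS unit still works with this descriptor, or note in the commit message why that is not needed.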