From: "Dawid Kozinski/Multimedia (PLT) /SRPOL/Staff Engineer/Samsung Electronics"
To: "'FFmpeg development discussions and patches'"
Subject: Re: [FFmpeg-devel] [PATCH 3/3] avcodec/evc_parse: Check tid
Date: Fri, 27 Oct 2023 13:02:39 +0200
Message-ID: <00e601da08c5$19e97240$4dbc56c0$@samsung.com>
In-Reply-To: <20231012232759.5352-3-michael@niedermayer.cc>
References: <20231012232759.5352-1-michael@niedermayer.cc> <20231012232759.5352-3-michael@niedermayer.cc>

> -----Original Message-----
> From: ffmpeg-devel On Behalf Of Michael Niedermayer
> Sent: Friday, 13 October 2023 01:28
> To: FFmpeg development discussions and patches
> Subject: [FFmpeg-devel] [PATCH 3/3] avcodec/evc_parse: Check tid
>
> The check is based on not infinite looping. It is likely a more strict check can be done
>
> Fixes: Infinite loop
> Fixes: 62473/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5719883750703104
> Fixes: 62765/clusterfuzz-testcase-minimized-ffmpeg_dem_EVC_fuzzer-6448531252314112
>
> Found-by: continuous fuzzing process https://protect2.fireeye.com/v1/url?k=06e4faf3-676fefea-06e571bc-74fe485cbfec-11816a289a0e9c00&q=1&e=16696cd9-38c1-42d0-9196-8ad7c6d1d0d6&u=https%3A%2F%2Fgithub.com%2Fgoogle%2Foss-fuzz%2Ftree%2Fmaster%2Fprojects%2Fffmpeg
> Signed-off-by: Michael Niedermayer
> --- > libavcodec/evc_parse.c | 3 +++ > 1 file changed, 3 insertions(+) > = > diff --git a/libavcodec/evc_parse.c b/libavcodec/evc_parse.c index > 255706ce61..43b8dabf8b 100644 > --- a/libavcodec/evc_parse.c > +++ b/libavcodec/evc_parse.c 
> @@ -174,6 +174,9 @@ int ff_evc_derive_poc(const EVCParamSets *ps, const > EVCParserSliceHeader *sh, > } else { > int SubGopLength =3D 1 << sps->log2_sub_gop_length; > = > + if (tid > (SubGopLength > 1 ? 1 + av_log2(SubGopLength - 1) : 0)) > + return AVERROR_INVALIDDATA; > + > if (tid =3D=3D 0) { > poc->PicOrderCntVal =3D poc->prevPicOrderCntVal + SubGopLength; > poc->DocOffset =3D 0; > -- > 2.17.1

    int SubGopLength = 1 << sps->log2_sub_gop_length;
    if (tid > 1 + av_log2(SubGopLength - 1))
        return AVERROR_INVALIDDATA;

For the value of SubGopLength = 1 (if sps->log2_sub_gop_length = 0; "The value of log2_sub_gop_length shall be in the range of 0 to 5, inclusive" - ISO_IEC_23094-1-2020 7.4.3.1), we have av_log2(0).
The value of the logarithm of 0 with any base (in this case, log2) is minus infinity (-inf).

Perhaps we should consider changing the condition to:

    if (tid < 0 || tid > av_log2(SubGopLength))
        return AVERROR_INVALIDDATA;

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
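
Review bot: The bound in the added `tid > (SubGopLength > 1 ? 1 + av_log2(SubGopLength - 1) : 0)` test in ff_evc_derive_poc() is harder to read than it needs to be and carries no comment. Because SubGopLength is `1 << sps->log2_sub_gop_length`, the right-hand side works out to sps->log2_sub_gop_length for every shift value, 0 included (the ternary keeps av_log2() from being called with 0 here), so `if (tid > sps->log2_sub_gop_length)` expresses the same limit directly. A one-line comment naming the loop that fails to terminate for larger tid would help, since the commit message says the bound was chosen only to stop the infinite loop and that a stricter check is likely possible. The hunk does not show tid's type or any earlier range check on it; if tid can be negative at this point, a lower bound belongs in the same test.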