From: "Dawid Kozinski/Multimedia \(PLT\) /SRPOL/Staff Engineer/Samsung Electronics"
To: "'FFmpeg development discussions and patches'"
In-Reply-To: <20231004225921.30287-4-michael@niedermayer.cc>
References: <20231004225921.30287-1-michael@niedermayer.cc> <20231004225921.30287-4-michael@niedermayer.cc>
Date: Fri, 27 Oct 2023 14:59:40 +0200
Message-ID: <013e01da08d5$73147df0$593d79d0$@samsung.com>
Subject: Re: [FFmpeg-devel] [PATCH 4/4] avcodec/evc_parse: Check tid
List-Id: FFmpeg development discussions and patches

> -----Original Message-----
> From: ffmpeg-devel On Behalf Of Michael Niedermayer
> Sent: Thursday, 5 October 2023 00:59
> To: FFmpeg development discussions and patches
> Subject: [FFmpeg-devel] [PATCH 4/4] avcodec/evc_parse: Check tid
>
> The check is based on not infinite looping. It is likely a more strict check can be done
>
> Fixes: Infinite loop
> Fixes: 62473/clusterfuzz-testcase-minimized-ffmpeg_BSF_EVC_FRAME_MERGE_fuzzer-5719883750703104
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> ---
>  libavcodec/evc_parse.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/libavcodec/evc_parse.c b/libavcodec/evc_parse.c index > 20b6849041a..8c0ef16f3ad 100644 > --- a/libavcodec/evc_parse.c > +++ b/libavcodec/evc_parse.c
> @@ -178,6 +178,9 @@ int ff_evc_derive_poc(const EVCParamSets *ps, const > EVCParserSliceHeader *sh, > } else { > int SubGopLength =3D 1 << sps->log2_sub_gop_length; > = > + if (tid > 1 + av_log2(SubGopLength - 1)) > + return AVERROR_INVALIDDATA; > + > if (tid =3D=3D 0) { > poc->PicOrderCntVal =3D poc->prevPicOrderCntVal + SubGopLength; > poc->DocOffset =3D 0;

    int SubGopLength = 1 << sps->log2_sub_gop_length;

    if (tid > 1 + av_log2(SubGopLength - 1))
        return AVERROR_INVALIDDATA;

For the value of SubGopLength = 1 (if sps->log2_sub_gop_length = 0; "The value of log2_sub_gop_length shall be in the range of 0 to 5, inclusive" - ISO_IEC_23094-1-2020 7.4.3.1), we have av_log2(0).
The value of the logarithm of 0 with any base (in this case, log2) is minus infinity (-inf).

Perhaps we should consider changing the condition to:

    if (tid < 0 || tid > av_log2(SubGopLength))
        return AVERROR_INVALIDDATA;

> --
> 2.17.1
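
Review bot: the added bound in the "+ if (tid > 1 + av_log2(SubGopLength - 1))" line evaluates av_log2(0) when sps->log2_sub_gop_length is 0 (SubGopLength is 1), and nothing in the hunk says which tid values are meant to pass in that case. I would either handle SubGopLength == 1 explicitly or add a comment stating what av_log2() yields for a zero argument and why 1 + av_log2(SubGopLength - 1) is the largest tid that avoids the infinite loop named in the commit message, which itself notes that a stricter check is probably possible. The hunk also shows no lower bound on tid; if tid can be negative at this point, the same check should reject it.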