Message-ID: <07c0b550-e0f6-542b-9551-46b28a83ddc0@gmail.com>
Date: Thu, 6 Jul 2023 22:14:08 -0300
To: ffmpeg-devel@ffmpeg.org
From: James Almer
Subject: Re: [FFmpeg-devel] [PATCH 2/3] avformat/evcdec: Check that enough data has been read

On 7/6/2023 6:08 PM, Andreas Rheinhardt wrote:
> Fixes potential use of uninitialized values
> in evc_read_nal_unit_length().
>
> Signed-off-by: Andreas Rheinhardt
> ---
> libavformat/evcdec.c | 2 ++
> 1 file changed, 2 insertions(+)
> > diff --git a/libavformat/evcdec.c b/libavformat/evcdec.c > index 9886542311..0f464930f7 100644 > --- a/libavformat/evcdec.c > +++ b/libavformat/evcdec.c > @@ -162,6 +162,8 @@ static int evc_read_packet(AVFormatContext *s, AVPacket *pkt) > ret = avio_read(s->pb, buf, EVC_NALU_LENGTH_PREFIX_SIZE); > if (ret < 0) > return ret; > + if (ret != EVC_NALU_LENGTH_PREFIX_SIZE) > + return AVERROR_INVALIDDATA; There's a ffio_ensure_seekback() for EVC_NALU_LENGTH_PREFIX_SIZE bytes immediately before the avio_read() call. Shouldn't that be enough to guarantee that much can be read? Also, you can just pass ret to evc_read_nal_unit_length() below instead of adding this check here. It will return an error if it's < EVC_NALU_LENGTH_PREFIX_SIZE. > > nalu_size = evc_read_nal_unit_length(buf, EVC_NALU_LENGTH_PREFIX_SIZE); > if (!nalu_size || nalu_size > INT_MAX) _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
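Review bot: in the evc_read_packet() hunk, the added `ret != EVC_NALU_LENGTH_PREFIX_SIZE` test is the only place a short read is caught, because the call on the following context line passes the constant EVC_NALU_LENGTH_PREFIX_SIZE as the length rather than ret, so without the test evc_read_nal_unit_length() would parse bytes of buf that avio_read() did not fill. Pick one place for the guard: either keep this check and add a one-line comment that a short read here means a truncated length prefix, or pass ret as the second argument and rely on the length check the reply says the callee already performs. Having the caller check and still pass the constant leaves that callee check unreachable from this path.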