From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id DFD624B8D7
	for <ffmpegdev@gitmailbox.com>; Thu, 18 Jul 2024 22:19:07 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 45B9968DB19;
	Fri, 19 Jul 2024 01:19:05 +0300 (EEST)
Received: from mail-pl1-f178.google.com (mail-pl1-f178.google.com
 [209.85.214.178])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 36EDC68D7AF
 for <ffmpeg-devel@ffmpeg.org>; Fri, 19 Jul 2024 01:18:59 +0300 (EEST)
Received: by mail-pl1-f178.google.com with SMTP id
 d9443c01a7336-1fb0d88fdc8so8290435ad.2
 for <ffmpeg-devel@ffmpeg.org>; Thu, 18 Jul 2024 15:18:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1721341137; x=1721945937; darn=ffmpeg.org;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id:from
 :to:cc:subject:date:message-id:reply-to;
 bh=V0kPxV+tdqc1OXDt7ve5gIBqBZ3xVqPEnzyq+YktfPY=;
 b=g2MtorHdi7kQqfLSWQ8U3emSCASc5EzXzzhI9CjGuPFaEU6Y1CaGah4tfEQeKJBDio
 Pxdin19M4hbeqY+LE8wgynCz0np//UNTl9BMPkAo1EzGgDyuqR8NPHQOH5XVOzhWjE1n
 AURPfGymZFlxgE3cO75s3JgyCVjYZQLSHeZ3+DqW/FSzCy8+yzLU46hRTYHIG7URGSD2
 BiiNAdhfYaVA4sdKChIs1OKNbH2809gxafEIS6vDlO+4wGLxdWWU6RbOgFJ5jcjTzeD4
 WZgn9LPmhfwVcWnDgYxtPFLGT7jGG7tnv3keuXQqN322+s4GHyG4V6DobuZPqQmibbB6
 G9zw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1721341137; x=1721945937;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=V0kPxV+tdqc1OXDt7ve5gIBqBZ3xVqPEnzyq+YktfPY=;
 b=k2UKtlmt/Cc/ziBlMmRC7NXiB3ohIkDWY84+GqgfVExy+fiE2lpHccH6+7C2z1HBYD
 /Xgi+O9Uf732Rnewu2O43ftDPu/CvK2uDZ0H4aZ8dADpZLLlJOP+rfdDxo3nd/C+7kjx
 22v+l2yW581pDyHWC3d7fgV7khA5YLLaC0a6l/BYdgTd7R/3OsGOCoTrN/pj7ljL7wNe
 hZhKNtfTxhGto2NITK7TWEiVdaWNzCHVGaaAUSgmC9oTxApLMx727ObVjGt3ptHCFI9T
 j3fYHqh0Bt8pONNEIKR2ZDCy+OiWsThuxhfEKQlxzYdhbUdCYFQQfYOMYBWLYlLNsu1A
 FemQ==
X-Gm-Message-State: AOJu0YxvWt5R9H12YSZLDoI3OV0zckdT/Tn979t3y0Hem7TPNSpviIlL
 o3RM+lTjXkxAvPKtRNmKe7szk5B2yGNFDmbbbaIS0SkxWBN4/Cg3qCDmcA==
X-Google-Smtp-Source: AGHT+IG7uiTINLMKwXL9LxkW8jWLh0pBGHVV+dVu8wh5WT33PpbvHIMrn+CmRrwjXiuUPSiLpWLYKA==
X-Received: by 2002:a17:903:234e:b0:1fb:46b8:62a with SMTP id
 d9443c01a7336-1fc4e71a020mr51657315ad.62.1721341136652; 
 Thu, 18 Jul 2024 15:18:56 -0700 (PDT)
Received: from [192.168.0.12] ([190.194.167.233])
 by smtp.gmail.com with ESMTPSA id
 d9443c01a7336-1fd64b8d1bfsm754005ad.91.2024.07.18.15.18.55
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Thu, 18 Jul 2024 15:18:56 -0700 (PDT)
Message-ID: <12436ccb-ffd3-41b8-8c0f-0a694610c92e@gmail.com>
Date: Thu, 18 Jul 2024 19:19:17 -0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: ffmpeg-devel@ffmpeg.org
References: <20240718221606.3710874-1-michael@niedermayer.cc>
Content-Language: en-US
From: James Almer <jamrial@gmail.com>
In-Reply-To: <20240718221606.3710874-1-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 1/2] avformat/mov: Check extradata in
 mov_read_iacb()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/12436ccb-ffd3-41b8-8c0f-0a694610c92e@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On 7/18/2024 7:16 PM, Michael Niedermayer wrote:
> Fixes: MemLeak
> Fixes: 69853/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-4660448545275904
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavformat/mov.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index ce95842ce58..82fce7ef5c1 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -897,6 +897,8 @@ static int mov_read_iacb(MOVContext *c, AVIOContext *pb, MOVAtom atom)
>   
>       st = c->fc->streams[c->fc->nb_streams - 1];
>       sc = st->priv_data;
> +    if (st->codecpar->extradata)
> +        return AVERROR_INVALIDDATA;

Maybe it's better to do like other atoms where we ignore duplicate 
entries (See mov_read_glbl(), used for h264/hevc/etc).

>   
>       sc->iamf = av_mallocz(sizeof(*sc->iamf));
>       if (!sc->iamf)
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".