From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 290F24BD62
	for <ffmpegdev@gitmailbox.com>; Thu, 28 Aug 2025 00:05:09 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'Y6tmKWyS1w4BUA0JAVgt1WjuVCMKJT3xqDYGP0MZ0WA=', expected 
   b'p/TO1eCw51C42HFA34ScAJbDNP+FrfUgvLcTD3foxOM=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1756339444; h=mime-version : to :
 message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=Y6tmKWyS1w4BUA0JAVgt1WjuVCMKJT3xqDYGP0MZ0WA=;
 b=Wn1n7yBxQI9snhID83lwDEGkjR5MRcRn8xMliiAj4LVnCMGdm9FmOZ8YcPNDLJg8iOk9J
 GL9U7lZ21HDlWiG8/fe5aPz1a0KfiwNldzE3HG9SYyH4Pc4LxXirqSMgVqO0mKpAGAfNYvT
 SJLHn19AtkeVE3rmu3MkkLtFVtC4uKDtC6/0ctwc93VJBR5NJue9khDuQSkLIJEcs94M8nL
 SHxgdhmOpbNJNTfWzdCpDAj0jf4YMAVsJJD0eCRt41fQ+cP7+oNHdLQLJUKWIenbIeUUmFr
 /JUIaU77pRw22bYZjvN3M00J26TP8p+Sm34b0K8fEnMvGDf51WsCNRI2Y7Ng==
Received: from [172.19.0.4] (unknown [172.19.0.4])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 7892568E7A0;
	Thu, 28 Aug 2025 03:04:04 +0300 (EEST)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1756339423;
 b=ROEtW/O6EcdjiJeh3Ik/ZgtyuPbDopeiwyxvn4+JJHlpK7a2lKy254BXDibIlqmqOMB4R
 9I3EJoBU+pXOmivURnHX5J5y/5ubWwvCT3c13mToAkP9nQue/NLFYl5tsPWYeVM3MnN6eQl
 qtMP1DKCN6wCS54D/MwYPcGU/cc6B+tHqFJ8PfxXtb6M3j1Jbh8sD5HtPydkudXuFDSPjsa
 EvR8chhdgXvDpJINI2lQ1n/rsor+rBCulhEVuczXXblN+s0dmSOwcjM1at5oi1vF68DTxKq
 rJ4FS17QDB8MSIpoyJvDJiBGnRgm1317tCN8mcNrvKc47bTcbevvwuUvYC0A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1756339423; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=xMqMUqzWXLyesig+Es8kmcJMXWDg18yZVyxn6IowIXk=;
 b=KIzPw5YhbZrigvfIQExKvZg3+tKpsNhTqQhSbFFnJkes+gtk3+YBRF6au1dBFWkoLI+DT
 D9hS9uCoEBLovoarE9H8SqtYKdAjme4u3VP9AbRs1TyVDolNwrpyH8l5B3Tc4W5i/mFrqQm
 eRMFro8KFty/caLMMfvy13ekJ+4yoKkMGkRzvm+eVzGXKYnE6oCqTvYtfkH6dp131XiV3PC
 nyK7iyA0Ir9rjLHXXxqDP2BAj44ylgjZv+cB6CwD6RbAO0itkhvWDdbQDEIaZ6M1d1RZuNu
 cmvxo2uFMjGnZCCiV0IrcUAwiEbrCu4CRzcmWDBemfYPy5GuK4CqqKpYTw3g==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=none
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed); dmarc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1756339413; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : from; bh=p/TO1eCw51C42HFA34ScAJbDNP+FrfUgvLcTD3foxOM=;
 b=QWKaMT/rimZxEoYb8LuVL3+zeM2P2NQt1obyw3Bvj8wapgvY8MV+0byP09gRSqbv/5Wbj
 A5ihJDZhCjxhiYN/cTNwY/gt0H0K57DpjPoVxn3NY6Sj19CcNW++78Bu2eiVx3hmzF3jFC0
 MrxFib0mm777bAm5x8ZTfqy+itVMoc4XOUtsY8cXX+xLXgTQi2fU8nzcBI7IyqADeSfgzdS
 fksOm28ccAoHi8wZMFaPMZcANhEFudQwjq5qLgunXmtsQ6Ml9kratghsk9eErW4PWFZx4w0
 co1xM7Jq3rJaBVOqeBfKftcdtQl/D+tPuWauW6eMbJ3LfCaFZhUWaDM6AUeQ==
Received: from 5d8f51c41678 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id F3FA568D79D
	for <ffmpeg-devel@ffmpeg.org>; Thu, 28 Aug 2025 03:03:32 +0300 (EEST)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Message-ID: <175633941324.25.4939827462749641841@463a07221176>
Message-ID-Hash: 2LA4KVYFSDK4AICM7MDQ3NCUYBQO7JJZ
X-Message-ID-Hash: 2LA4KVYFSDK4AICM7MDQ3NCUYBQO7JJZ
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] av_format/whip: fix potential overflow (PR #20357)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/2LA4KVYFSDK4AICM7MDQ3NCUYBQO7JJZ/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/175633941324.25.4939827462749641841@463a07221176/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: Jack Lau via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: Jack Lau <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/175633941324.25.4939827462749641841@463a07221176/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #20357 opened by Jack Lau (JackLau)
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20357
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20357.patch


>>From 7c533ae7404fb20a4513ef766e368300dfe3cc54 Mon Sep 17 00:00:00 2001
From: Jack Lau <jacklau1222@qq.com>
Date: Thu, 28 Aug 2025 07:22:04 +0800
Subject: [PATCH 1/2] avformat/whip: fix 8-bit overflow and map constraint_set
 bits for H264

profile_iop is an 8-bit field. Previous code copied
AVCodecParameters::profile (which can contain bits
beyond 8 bits) into profile_iop, producing overflow
and wrong values.

This patch maps the constrained flags into the proper
profile_iop bits (constraint_set1/3)

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/whip.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavformat/whip.c b/libavformat/whip.c
index 1fcf19aaa3..de8513aadf 100644
--- a/libavformat/whip.c
+++ b/libavformat/whip.c
@@ -562,7 +562,7 @@ static int parse_codec(AVFormatContext *s)
  */
 static int generate_sdp_offer(AVFormatContext *s)
 {
-    int ret = 0, profile, level, profile_iop;
+    int ret = 0, profile, level, profile_iop = 0;
     const char *acodec_name = NULL, *vcodec_name = NULL;
     AVBPrint bp;
     WHIPContext *whip = s->priv_data;
@@ -630,11 +630,12 @@ static int generate_sdp_offer(AVFormatContext *s)
     }
 
     if (whip->video_par) {
-        profile_iop = profile = whip->video_par->profile;
+        profile = whip->video_par->profile;
         level = whip->video_par->level;
         if (whip->video_par->codec_id == AV_CODEC_ID_H264) {
             vcodec_name = "H264";
-            profile_iop &= AV_PROFILE_H264_CONSTRAINED;
+            profile_iop |= profile & AV_PROFILE_H264_CONSTRAINED ? 1 << 6 : 0;
+            profile_iop |= profile & AV_PROFILE_H264_INTRA ? 1 << 4 : 0;
             profile &= (~AV_PROFILE_H264_CONSTRAINED);
         }
 
-- 
2.49.1


>>From df611cb6101d136a300f6ee17a57d7a966f40b80 Mon Sep 17 00:00:00 2001
From: Jack Lau <jacklau1222@qq.com>
Date: Thu, 28 Aug 2025 07:40:40 +0800
Subject: [PATCH 2/2] avformat/whip: fix potential 8bit overflow for
 profile_idc

The profile contains profile_idc and constraint_set*_flag,
throws away high 8 bit flags and then we get profile_idc.

Signed-off-by: Jack Lau <jacklau1222@qq.com>
---
 libavformat/whip.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/libavformat/whip.c b/libavformat/whip.c
index de8513aadf..0089c17b9a 100644
--- a/libavformat/whip.c
+++ b/libavformat/whip.c
@@ -562,7 +562,7 @@ static int parse_codec(AVFormatContext *s)
  */
 static int generate_sdp_offer(AVFormatContext *s)
 {
-    int ret = 0, profile, level, profile_iop = 0;
+    int ret = 0, profile_idc = 0, level, profile_iop = 0;
     const char *acodec_name = NULL, *vcodec_name = NULL;
     AVBPrint bp;
     WHIPContext *whip = s->priv_data;
@@ -630,13 +630,12 @@ static int generate_sdp_offer(AVFormatContext *s)
     }
 
     if (whip->video_par) {
-        profile = whip->video_par->profile;
         level = whip->video_par->level;
         if (whip->video_par->codec_id == AV_CODEC_ID_H264) {
             vcodec_name = "H264";
-            profile_iop |= profile & AV_PROFILE_H264_CONSTRAINED ? 1 << 6 : 0;
-            profile_iop |= profile & AV_PROFILE_H264_INTRA ? 1 << 4 : 0;
-            profile &= (~AV_PROFILE_H264_CONSTRAINED);
+            profile_iop |= whip->video_par->profile & AV_PROFILE_H264_CONSTRAINED ? 1 << 6 : 0;
+            profile_iop |= whip->video_par->profile & AV_PROFILE_H264_INTRA ? 1 << 4 : 0;
+            profile_idc = whip->video_par->profile & 0x00ff;
         }
 
         av_bprintf(&bp, ""
@@ -662,7 +661,7 @@ static int generate_sdp_offer(AVFormatContext *s)
             whip->video_payload_type,
             vcodec_name,
             whip->video_payload_type,
-            profile,
+            profile_idc,
             profile_iop,
             level,
             whip->video_ssrc,
-- 
2.49.1

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org