From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 1B84E4CE87
	for <ffmpegdev@gitmailbox.com>; Fri, 31 Oct 2025 22:18:39 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'NnoJdx7LpctZsxjN6UOhhHuY/HXwN6bYKPkGY+Bf1dA=', expected 
   b'g1ZzxABA0ZliNxnUga0H/UYR7pSvgUR+/za/1IX1Lss=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1761949113; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=NnoJdx7LpctZsxjN6UOhhHuY/HXwN6bYKPkGY+Bf1dA=;
 b=LeyjT9Ic24o1U4tmbjKaIEdSZLC6Q4smQWWQotJLryd0CRIx3ffBk9D+h8ZnNmwDo9lNc
 6iInQooAkwckweKEtnKZ07G3wKpMSvjAsA7HusaYAVOI97uqXj+BKborOn8Pvtcme+xeEiP
 fzMpzh1kX6FhzHHssBc8PStBntbvXT22zAvS7fzQbf6CmcCPGbl76mnYRdD39DbOG6G8eue
 pCumDCt9n9w0CCxeOya8UTT4Xuqk6gSOp6dSu88I2j2728j2DUEFws5F5gSzbvpED2butRF
 NSYIOLGFGf/YU87blPS+FlDZL6b0F3rYuwmb4zS2yChv+KqfkcVSJs8nahcw==
Received: from [172.19.0.2] (unknown [172.19.0.2])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 1809B68F97B;
	Sat,  1 Nov 2025 00:18:33 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1761949096;
 b=IdGNJz1F0GEY1T7dm9TOkSAT5oYksYXBTxZLxXA9cwRb6xz3NXbuu6u0Nn6Ygihp874F3
 pT8csmmcnBch0sfM8oMBQCJk7uB1h1bQjnOl/L8OGOs+ZYBpvvIaBbsG+SKl4W9yGN6Dtph
 dzdi1kpmQJXbtYkYOnoTsNCKWr8TVCdgvJQ7CUGvUnU/VKaSCbledcHgZCEv6cSMrxw/3Xl
 gmJ/y37/eQeoqYwMkwlgGxejodk6AN5FtmBfriE1NXjfxGmidp/7nKTpefiBcGS4+uHpyuy
 Z8aBNV+82/Efl/VJ8kT7REUNZ4lixxWWeFmlz2dK/DIIho7/GVmeA9gf3Rqw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1761949096; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=3bQ+iOB3vWksKq+ryYEeevKfl1WUFdskSDFXd2R7zVo=;
 b=FLz2BN1d8ev9rPu+azQRxAO+TyXLLa3hA7P2RjtSiOgzV7GpXdinCZYf3c7gFc19ZoFCh
 pzKjvmxQcnUp9IlvZgDJQ9KRPiaaJRH/MrJdILphyaO36+fwc5kz8dg7iU68PyP94xFc9o6
 uyDtmd9jmbgh/1GnSLFPoWdA7ypl2LAU+V4C8k6IqZZV0ng0MqpLHb/0RUkBXkZtZmwVtmK
 O/iz422SbuQmSDkWFo8sBi2MtlGV44FiPVv5sm5uNaC7fcRMoacJec3LZDDS8R2H65sOVPG
 peUT8ZB1OHRkYwZj8iCc+LSNQh1gmsl4Xh9CEiHVgxGMO/qfEXs3A32Gvbng==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1761949089; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=g1ZzxABA0ZliNxnUga0H/UYR7pSvgUR+/za/1IX1Lss=;
 b=4aX1HH6pNXmmRxUgWxhXiAW+ALz0kDOfAwKjgREOoR4ulOAb1MqTEhnT1RV1ptOKxi7wD
 sNO0fMU5XhV2Dasno0+n9AAqGBYKF56DUxopvkm5phmuyGLOmJyEns9dNjuT37i5wlyi2Dx
 cTuveu3hTR9PQlS+sfNo6iGKe7yMsmyavl3d9QCVE87pAU2zmG5iFyZb9sQf3pRHha/kfTG
 xu9nE8omExZMEvClFnEmvePW1xx9HQZmCqppsIjf4raafFZwy2w0Pvl7l1wIc71cMFvuZZq
 iSkK2EoZdZOyzjifWGlXKyZAmdJeBnOMPMT8ghCesiuE64tkULkEmI2/WImw==
Received: from 02c22a36bd31 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id B0A3768F436
	for <ffmpeg-devel@ffmpeg.org>; Sat,  1 Nov 2025 00:18:09 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 31 Oct 2025 22:18:09 -0000
Message-ID: <176194908985.25.7745581119022331335@2cb04c0e5124>
Message-ID-Hash: VUYYXGJB3ZMG6XKXYHEJAYRYMRXZSGAD
X-Message-ID-Hash: VUYYXGJB3ZMG6XKXYHEJAYRYMRXZSGAD
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] avformat/sctp: Check size in sctp_write() (PR #20809)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/VUYYXGJB3ZMG6XKXYHEJAYRYMRXZSGAD/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/176194908985.25.7745581119022331335@2cb04c0e5124/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: michaelni <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/176194908985.25.7745581119022331335@2cb04c0e5124/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #20809 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20809
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20809.patch

Fixes: out of array access
No testcase

Found-by: Joshua Rogers <joshua@joshua.hu> with ZeroPath
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>


>>From e124c1f611e45eda94192afbdb6d0d36747892e9 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Fri, 31 Oct 2025 23:08:45 +0100
Subject: [PATCH] avformat/sctp: Check size in sctp_write()

Fixes: out of array access
No testcase

Found-by: Joshua Rogers <joshua@joshua.hu> with ZeroPath
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavformat/sctp.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavformat/sctp.c b/libavformat/sctp.c
index 4122fbe312..9a6b991803 100644
--- a/libavformat/sctp.c
+++ b/libavformat/sctp.c
@@ -332,6 +332,9 @@ static int sctp_write(URLContext *h, const uint8_t *buf, int size)
     }
 
     if (s->max_streams) {
+        if (size < 2)
+            return AVERROR(EINVAL);
+
         /*StreamId is introduced as a 2byte code into the stream*/
         struct sctp_sndrcvinfo info = { 0 };
         info.sinfo_stream           = AV_RB16(buf);
-- 
2.49.1

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org