From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 397CF4D1A3
	for <ffmpegdev@gitmailbox.com>; Wed, 12 Nov 2025 02:34:31 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'NPNhNHl2uMsxur0AL/51V32Yh4L+nvNY96s+U+oEJgQ=', expected 
   b'PM7HvJMqjuqt/HLUvJaqv9hyUYzQvvrbVCVDmVnkfiQ=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1762914859; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=NPNhNHl2uMsxur0AL/51V32Yh4L+nvNY96s+U+oEJgQ=;
 b=Up3L2NQS3nspiJisx5Ck9/fcINUvxEl+9ZKamFE2CO3vPA18Zk6zxheQgusEBods17WlI
 igyssbHfxsap78WQJiqefKkOE/izGaYbKm0UAYFp5D8LvGpgguW2i9dB2Ta2J/cWhwfojmZ
 +g9FWwslFn5YzWZAe03blDK7E5DyIcLmP3Uo5jGU9ypGo+cJLXzdeBWpSTXkHpB0FGWX6x1
 mltva7nfHiItKAGbfSxm8f1IiCmqsKhNekkCAlxoq16+BV9Fl0UYVxsF+c2m/PZw5LId/Ze
 xMXtBtOTEp29gybOwQjVG+EOIWRy/BIDQW0gXdvg+JehB22Js7GVSZfs42uA==
Received: from [172.19.0.2] (unknown [172.19.0.2])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id ED28A68FCE7;
	Wed, 12 Nov 2025 04:34:19 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1762914843;
 b=hJqJnxBityMgsB3q95QHEDO4a5ddvNuElSjdKDNxwb9dPDaqy3uDRtj+HlAe4GrhBrBzx
 FcYXKZoyCFC/D5QhI3DRDVPpR/fGPN/cZqLrKXcxMrrMqyzj0TCc+BLPyBr1HhyYOpAA57a
 nBsVSOQqLFWqdJbZRv2D8KuKgZAbNgAOuuz6oA8EmRLcmNyg2kLknS1n/UqLISbacMPrGPJ
 +KFJigpZ4NjGH5BmXmqu7bIbYhZb+VodHgiV2QCpyZjX5EsFnVF7h0Bl0tdKbH1odw63EAU
 34UsNgJxfHbmw7wm/dKGfVdWB0pgUveXmXOzOn8pjNpNB0Vl0LfopJa4xZSw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1762914843; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=7H7wCytW8YU1WnagdmvnVEwqawDSr/8BoBLBjVEDR2I=;
 b=AgMEOSvCKw5h5stQykqZcAFIKiPzQi+INsii3rKp1K1cFURmtjUaxw3Vam6JcdoXW75fT
 OBFED+i2SSwDIfY7bvLvtQxo8uQGi0/zz3Rwf60EPx3xPnyMWztYXH+m+fMDA0ztOYyONNH
 dFezYL3ZOH3/8HK0LxKUVG1gV3a9MKbp3iT0E6+WcDt6d2ct0D9P0qq0UAz4tBtZYT8su0k
 BvFCL9ApeNttSwrtPSNE46ocRFKPyh+4d3La76ejM4/FEA4Dg9GSNWasoIy4GorbiLtQVyw
 8GFP3vYgY8a2n06O3agShjZK+Mhm/5EhIAQ/oSiilzMdlpwXuFAW/uSTGhKg==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1762914834; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=PM7HvJMqjuqt/HLUvJaqv9hyUYzQvvrbVCVDmVnkfiQ=;
 b=3u+X3m079W9ga1/F62fz1wWSc0s3N7fY586tymZ+AIP4aKrGfOQL2XCvFWhzkVA5nDu+b
 CnSFRa+rfza+mlDukslxXMZL5dkAZQGiE6ykW+cRJpoRjUREbAbgaWeWL/hIo845AICqSRm
 58Id3xBTsX4mAC3DKt3Fk2XZg1xBlSMZBQiU87r1ki8XTFeL8nWg0T7ZiDXWuwyCwijb6gw
 tQ+FIcbzey8rgspjOQDxuIefXPbeKpD4sc8OFmPEwgCANROB/cftLmhTMhhf7GY2TKunTiH
 KS7x917K0HorxbhIaPcYSJporefXWdFJh7ExSN5fnVa5DZ/nwlYN41MCKZ2A==
Received: from 188d6d40ca7a (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id D38DB68FCD5
	for <ffmpeg-devel@ffmpeg.org>; Wed, 12 Nov 2025 04:33:54 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 12 Nov 2025 02:33:54 -0000
Message-ID: <176291483496.25.11390699791177932796@2cb04c0e5124>
Message-ID-Hash: ZPDSJ6DB7C36U5HRM4HWTTHVD65KFJZ6
X-Message-ID-Hash: ZPDSJ6DB7C36U5HRM4HWTTHVD65KFJZ6
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PATCH] avcodec/omx: Check extradata size and nFilledLen (PR
 #20894)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/ZPDSJ6DB7C36U5HRM4HWTTHVD65KFJZ6/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/176291483496.25.11390699791177932796@2cb04c0e5124/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: michaelni via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: michaelni <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/176291483496.25.11390699791177932796@2cb04c0e5124/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #20894 opened by michaelni
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20894
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20894.patch

No testcase, its unknown if this is a real issue

Reported-by: Peter Teoh <htmldeveloper@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>


>>From 67eea3903e440bf11666662423be651654bc0275 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer <michael@niedermayer.cc>
Date: Wed, 12 Nov 2025 03:05:15 +0100
Subject: [PATCH] avcodec/omx: Check extradata size and nFilledLen

No testcase, its unknown if this is a real issue

Reported-by: Peter Teoh <htmldeveloper@gmail.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/omx.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/libavcodec/omx.c b/libavcodec/omx.c
index 6b900d741d..7b003ac1b7 100644
--- a/libavcodec/omx.c
+++ b/libavcodec/omx.c
@@ -688,6 +688,11 @@ static av_cold int omx_encode_init(AVCodecContext *avctx)
             buffer = get_buffer(&s->output_mutex, &s->output_cond,
                                 &s->num_done_out_buffers, s->done_out_buffers, 1);
             if (buffer->nFlags & OMX_BUFFERFLAG_CODECCONFIG) {
+                if (buffer->nFilledLen > INT32_MAX - AV_INPUT_BUFFER_PADDING_SIZE - avctx->extradata_size) {
+                    ret = AVERROR(ENOMEM);
+                    goto fail;
+                }
+
                 if ((ret = av_reallocp(&avctx->extradata, avctx->extradata_size + buffer->nFilledLen + AV_INPUT_BUFFER_PADDING_SIZE)) < 0) {
                     avctx->extradata_size = 0;
                     goto fail;
-- 
2.49.1

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org