From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 9FE0C4038A for ; Tue, 20 Jan 2026 00:04:57 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'ThhgXdnJv4Z1n8mizsMpSGapy5+Y7Zs7jKMGCr2ZvZM=', expected b'cuKELSDR1oK1jOabmPR4BqVC6rns7Ko7rYWbbgGIU8U=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1768867481; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=ThhgXdnJv4Z1n8mizsMpSGapy5+Y7Zs7jKMGCr2ZvZM=; b=wAQM1yBA40cScEujBgQ/UrQp+Xj1K+kpifFMOJSx6ZVZK/I132K3o7IY6BURXU23mEioh VaKYTif7clwPELti+HmRMmOlqm0EGGxr6xMt/o18cq538ZWaiimurw0NVgxmmqGbvf2s8UG vUU1NMfYayqqZLR7PSoX8V2hRK1W1adZXWCkDkf2e0NGrL5aPqM5ts+tZP3OzSaCY4wp1yc v4w6oNIZAuCMUN6t3x8VT9mAFMMPTueYfXJU5/jmVBB9UQSln7EEENKH9Z8yJpl+Vg72JDi skBTQAUjr52lAGsN9hHUv+aCYJZMGKDD30W0qfoICJJakz+9KmOmM6ypfqBA== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 64DE5690E8A; Tue, 20 Jan 2026 02:04:41 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1768867460; b=ff8itGYUPodOEGEJ9d1JRo1xTN8j3UGxEwM4mv41wa52f9E04GzoMVQ62nwZHzhsr2wCl T0Z4pantpB8Na5rC7CXYAWrqHvSYJtgKCtNcP4vV9fg8jtM9/tQOLv/WYzlR3cIhcn0aXff Gr2rXJ+NvnKA8Aq3mp1wPJIOBmZ3kznygtv0dXOdp1ZwQEUPqDEqJQQCf3J76dxVXpjNOjP YTKNRmCv0vC5c6PpNWufGIhiRg1o4P+Vnh1nWytHvTH1SQRdO2J3hGtlbvhYIPMlkTvJZ+y 2xwNWLg6u/cvp9JCP9ImUnDTijKagbsyyB+tKUib9gEf8yvPlLMKh+FC2cqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1768867460; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=+PQh3c4UI4d1iiC/FvIpCkqx3oYh/+fsTrP/5TiDyO8=; b=ZfZAeuF4FV4Tc82gnb3NM8iEdHQz9ax0gKZMh8It0pwWAMyRS5v+HOxvSl6vTqMZE/5uc WmrqeJGUnwtKYvTOuK36VXyuKieSg2mGnf1hHJX5/wAAYRBG5pAf+9KDVTZQw5uHDZWH6Eh Ijfr30g67G5w32+XhQ0hqsKtcnn52htAmmek+CPcS6B/HJPi0c9LJBNaMW6BH/PsMkGO2U0 41ZXt2wUWp86rXnjM1hxIEx7LLgzWbK26vAFrf9U0Slu03XvwHx9U7J26+hF8b8oSjIg82e 7bbwdX/4RrkU2v0nLD8m56JzrZhw1Pf+a52YJXWQyIvcD33rTI3XmrWlxsvQ== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1768867451; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=cuKELSDR1oK1jOabmPR4BqVC6rns7Ko7rYWbbgGIU8U=; b=IM2fCMDIsI11mP7rR5nQdoCYhm0UVAvO0+0aEY/6BtYrUuIpWzsnszEFJUB2k48btjm9s DFa4aeQlMeCe377mk//dn3xBtwKK4bNAAvDlWs5rxrQA9Hgmij3SrDn2VxARNxHjE7RlRzP fpyN/lgiBhR10Jio7xuaRuemoZGHDCjH2hBwtwBr76t3birmXbrxcHnWR6cvtmvW4f/sscB 1l+5VS3Fl80JsLbBC0CB0wM1Bgx5BsKxJ+/WoFnDV0PZxUdN3e41OlOEUNTJF5SkPlWwjcx u+ObUpTx++uLbVTg9jgzoUGGQmWVFrEx+moTlGB9/8zlLUq75e+KT9+T677w== Received: from 69dab402ede7 (code.ffmpeg.org [188.245.149.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 0B6F8690DA0 for ; Tue, 20 Jan 2026 02:04:11 +0200 (EET) MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Tue, 20 Jan 2026 00:04:10 -0000 Message-ID: <176886745120.25.1201832619926480252@4457048688e7> Message-ID-Hash: WKCIPV52HAEP4TS6STT4VSI7VCTXQLTS X-Message-ID-Hash: WKCIPV52HAEP4TS6STT4VSI7VCTXQLTS X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PR] avformat/iamf_parse: stop trying to parse files that report an unknown layout (PR #21523) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: James Almer via ffmpeg-devel Cc: James Almer Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #21523 opened by James Almer (jamrial) URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21523 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21523.patch Exporting unknown layouts as unspec type is pointless in a format that expects the user to remix the channels in location specific ways. This simplifies assumptions and reduces the chances of heap buffer overflows. >>From 2bc471a3012ad213188fd171f2542175d78a1f45 Mon Sep 17 00:00:00 2001 From: James Almer Date: Mon, 19 Jan 2026 21:00:39 -0300 Subject: [PATCH] avformat/iamf_parse: stop trying to parse files that report an unknown layout Exporting unknown layouts as unspec type is pointless in a format that expects the user to remix the channels in location specific ways. This simplifies assumptions and reduces the chances of heap buffer overflows. Fixes: heap-buffer-overflow Fixes: clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6363647720095744 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: James Almer --- libavformat/iamf_parse.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c index a31f7689b3..5ed5e87fb7 100644 --- a/libavformat/iamf_parse.c +++ b/libavformat/iamf_parse.c @@ -451,10 +451,13 @@ static int scalable_channel_layout_config(void *s, AVIOContext *pb, return AVERROR_INVALIDDATA; ch_layout.u.mask &= ~mask; } - } else - ch_layout = (AVChannelLayout){ .order = AV_CHANNEL_ORDER_UNSPEC, - .nb_channels = substream_count + - coupled_substream_count }; + } else { + if (expanded_loudspeaker_layout >= 0) + avpriv_request_sample(s, "expanded_loudspeaker_layout %d", expanded_loudspeaker_layout); + else + avpriv_request_sample(s, "loudspeaker_layout %d", loudspeaker_layout); + return AVERROR_PATCHWELCOME; + } channels = ch_layout.nb_channels; if (i) { @@ -476,11 +479,9 @@ static int scalable_channel_layout_config(void *s, AVIOContext *pb, return ret; } - if (ch_layout.order == AV_CHANNEL_ORDER_NATIVE) { ret = av_channel_layout_custom_init(&layer->ch_layout, ch_layout.nb_channels); if (ret < 0) return ret; - for (int j = 0; j < n; j++) layer->ch_layout.u.map[j].id = av_channel_layout_channel_from_index(&audio_element->element->layers[i-1]->ch_layout, j); @@ -508,8 +509,6 @@ static int scalable_channel_layout_config(void *s, AVIOContext *pb, ret = av_channel_layout_retype(&layer->ch_layout, AV_CHANNEL_ORDER_NATIVE, 0); if (ret < 0 && ret != AVERROR(ENOSYS)) return ret; - } else // AV_CHANNEL_ORDER_UNSPEC - av_channel_layout_copy(&layer->ch_layout, &ch_layout); } if (k != audio_element->nb_substreams) -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org