From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id 80A9A4E442
	for <ffmpegdev@gitmailbox.com>; Thu, 22 Jan 2026 14:26:13 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'RBakv1JWFJAqpICD2DBgFtH8if8ezzfc+tsij5aZtp0=', expected 
   b'5W8CnB/niBv6FyntRblUTrTX1qjGKf6dy2FebqLScq8=')) header.d=ffmpeg.org 
   header.i=@ffmpeg.org header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1769091965; h=mime-version : to :
 date : message-id : reply-to : subject : list-id : list-archive :
 list-archive : list-help : list-owner : list-post : list-subscribe :
 list-unsubscribe : from : cc : content-type :
 content-transfer-encoding : from;
 bh=RBakv1JWFJAqpICD2DBgFtH8if8ezzfc+tsij5aZtp0=;
 b=C6GvZi3C4UV0t2omuRd+O8tgDrxrEZY6DjZyhA7dqEDoM4lhc30Ta4iz9wh7OknPOX9Mq
 qV0FsKEp1zH97AxeLSlcG+LGFC4snRIQZYBYwSssbaqXftF3obEfinmpJzxwD3QwDf6Oj7d
 +Pl6S8BndEkHUdx7cdGjkMT3b9Z21mizW8ojr5EY1/y3vrvx/2itYsWBjBKk2dc2hZlxB5A
 UnELEYiV/yy4HKslbP8PGzsdVoC6Y7ytQLGROG3fO+B0biHVPxFCAyWqQFGsJMZJBLpf1WV
 H8fC0vrtHiyQOuqcWwB/4kNBTlJRzVELUSrupyA2hJ1qkiCgGnqSUMY73Wyw==
Received: from [172.20.0.4] (unknown [172.20.0.4])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 4C84B691060;
	Thu, 22 Jan 2026 16:26:05 +0200 (EET)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1769091950;
 b=MET6dIss6DxgnuNS+bFxpWLzG26mHHWbRq8hNci0MGb1WxIN/VD45mTLJ9OmmZJqwW8Qd
 C8XAYxu524CdC81v93z15nDg8hinrxYWq5kKdHDTq6AGob1clG63S/okmVUW1HSw1ydR9Jo
 lxEBgTwWfM3gdQlbJEQw0uRaJllcQUsUy3goFaSg+78SF6vTgx8Jr6a04H606aRCu0+8Si+
 3kjNibQISPbZTm2vRH1/g5E9HzFWocnoS+TlM7+klz4DXTPKmWIkXiGv/gd95RjSaR2SDgA
 sQHcpuWSHa7meCsZ9gVT1GMmrcH4koszuFHHrYkxVM8hv0Wwj5rFacpiF6Ag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1769091950; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=iYLH0aKQ37Hkcjyo80WBCrLJNa+9MrVwAyx6iA6gUDs=;
 b=ffukjiHHfCzP31u0T2ZNoiwpKXUWeRkcpJIj6pHluf3zyz8gsyFUJwf3FGDCsIWgCKATT
 6Muk+ESmXrk9MlgDFNJ9vbV2OixQWTEFA6Rkp/hfGnOO1jg5BsoKs+sOFfNLVP+ufxsNb9d
 CNTpUGBkGorWsn26poLfzWnqS7+t3wuAo+D0jzPLVkm9hpqjm6eocx1w4r0ZZgh5pv3Nkgq
 6ffPWWWUkSFWqkt6iryFyvqn/vGBvv2rLI+Od4AK00I4PCa1YHG9LCTmUpytmUobbfSeUWY
 cCC1XYAQZ1Z01AXbA7ptyGN6q2TasmCG0kHqsmPpENuUkIb4t1AGw2iNvGDQ==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none;
 dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine
Authentication-Results: ffmpeg.org;
 dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org;
 arc=none (Message is not ARC signed);
 dmarc=pass (Used From Domain Record) header.from=ffmpeg.org
 policy.dmarc=quarantine
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1769091943; h=content-type :
 mime-version : content-transfer-encoding : from : to : reply-to :
 subject : date : from;
 bh=5W8CnB/niBv6FyntRblUTrTX1qjGKf6dy2FebqLScq8=;
 b=2pUkbft9hZvrNaGCB67MhomQt9sP7gY8v8KLG3P4QgD39WIHt8rsir2YRD3cjKA7+lvQw
 2HdQpNlF+mYpS39Gzd+YXXXI7qy+jQwyDukmoUBk1HmxtSk1liHuC1sQiVA0/yWmYeAbY8t
 7N8LzoG/ZBUHvUSQIWZpXZJb8/tu0j4YW2nJsZqKPcwpQd2Qi4P0gQl5vEJWnFTqHQ7hgV0
 MlaNhGUXl0snfQxHIoiLQtUNYSZcoewQEa2J62LatrkLHV7u9tLMSXVdW8MOeDEmJ55fGEP
 fDZgb+RwR7QhU1JXs6+ChjO2C7rhyh0dk+zgzNGWzoYzm3jjMvpHtMwiHu4w==
Received: from 69dab402ede7 (code.ffmpeg.org [188.245.149.3])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 9043C691016
	for <ffmpeg-devel@ffmpeg.org>; Thu, 22 Jan 2026 16:25:43 +0200 (EET)
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 22 Jan 2026 14:25:43 -0000
Message-ID: <176909194370.25.5439127286555311890@4457048688e7>
Message-ID-Hash: AWIDVZ55C642DGZIGPFLYLMVHFFUV5YS
X-Message-ID-Hash: AWIDVZ55C642DGZIGPFLYLMVHFFUV5YS
X-MailFrom: code@ffmpeg.org
X-Mailman-Rule-Hits: nonmember-moderation
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] [PR] avcodec/vorbisdec: validate windowtype and transformtype
 (PR #21547)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/AWIDVZ55C642DGZIGPFLYLMVHFFUV5YS/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/176909194370.25.5439127286555311890@4457048688e7/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: hassanhany via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: hassanhany <code@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Archived-At: <https://master.gitmailbox.com/ffmpegdev/176909194370.25.5439127286555311890@4457048688e7/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

PR #21547 opened by hassanhany
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21547
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21547.patch

validates the windowtype and transformtype as required by the Vorbis spec in section 4.2.4 the part about modes "verify ranges; zero is the only legal value in Vorbis I for [vorbis_mode_windowtype] and [vorbis_mode_transformtype]."


>>From bcfd563e25adb1e818b309018b7c03b684668751 Mon Sep 17 00:00:00 2001
From: Hassan Hany <hassanhanyrashad@gmail.com>
Date: Thu, 22 Jan 2026 15:31:41 +0200
Subject: [PATCH] avcodec/vorbisdec: validate windowtype and transformtype

---
 libavcodec/vorbisdec.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c
index 60a83f394f..1bfebda101 100644
--- a/libavcodec/vorbisdec.c
+++ b/libavcodec/vorbisdec.c
@@ -908,8 +908,14 @@ static int vorbis_parse_setup_hdr_modes(vorbis_context *vc)
         vorbis_mode *mode_setup = &vc->modes[i];
 
         mode_setup->blockflag     = get_bits1(gb);
-        mode_setup->windowtype    = get_bits(gb, 16); //FIXME check
-        mode_setup->transformtype = get_bits(gb, 16); //FIXME check
+        mode_setup->windowtype    = get_bits(gb, 16);
+        mode_setup->transformtype = get_bits(gb, 16);
+        if (mode_setup->transformtype != 0 || mode_setup->windowtype != 0) {
+            av_log(vc->avctx, AV_LOG_ERROR,
+                   "Invalid mode: windowtype %u, transformtype %u (both must be 0)\n",
+                    mode_setup->windowtype, mode_setup->transformtype);
+            return AVERROR_INVALIDDATA;
+        }
         GET_VALIDATED_INDEX(mode_setup->mapping, 8, vc->mapping_count);
 
         ff_dlog(NULL, " %u mode: blockflag %d, windowtype %d, transformtype %d, mapping %d\n",
-- 
2.52.0

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org