From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id B44EB4F503 for ; Fri, 27 Feb 2026 00:55:12 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'/z5rn1Zcq8iPAi+Fatpq4PmkzM96UV8njjSkohdZunY=', expected b'Ufd1ZIIJr0wYsDzADsryaGaE8xBxruF2m0vzRYskGKU=')) header.d=ffmpeg.org header.i=@ffmpeg.org header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1772153706; h=mime-version : to : date : message-id : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=/z5rn1Zcq8iPAi+Fatpq4PmkzM96UV8njjSkohdZunY=; b=BBTf8rTbj17jtpPAsVQNqNuRupvvwNzZRZToZUGKMVWYDBh8xQ5VmMf0PGMfLCiYlQ9TA zPB0+WKxZiK+an7Hpa+1KxbkbSM7x1kmx41aToXMwltISjNOHIVQHLAHzR7M80zlSQ5vDsu bbqiihq/hEO3IV2kVeVmqb7a6QYvsyn+13G676BPUhvm3xTLq+w650tY3QE30FSZEg8w26w mKh13H8XfLywcKOgnvsMqEQuZr5smJwD8lmjzMd8CqLSDUUQWGPyyuTL5O+X8kU2zWZ03C+ i0ioBELB21OwTnj3O3URp9Dygr/pN3g4vaQQ22x5p4vOr6vKGUz7ddWLtFqg== Received: from [172.18.0.3] (unknown [172.18.0.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 55545691355; Fri, 27 Feb 2026 02:55:06 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1772153696; b=gL/rxH3JDcr2LMx579hk2428HbFy94cuZEFL5wLGrmi8oIoxE1apOBn3844UGnBcBSwqX UoM4uEvY8WIEndLaAw5irXmzOTWsJXHhQ2Gdnmsl/lJUJRDyYm6XusLJpxF9ZmK2ZWFvPuw m9UMxY21rc5blUDq9nEGJT7bMF2uS5Il/CMDF/1D8BvqPg3fENmGKMHSw6A1UtzYFlnA3a2 lPPzrW5T5Kw9gxDxWZVtZeYYf57NyQShdF8K6a/I7LU4k4qj1cT/tiXnWA7ZJqoGF/vMOUK KUm3YphxT/hqF36sFy56F4FMjv5DW1r0wQSyoNzMtURYitrAcWSwTAwGiRUw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1772153696; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=67edsUADMgPBJgER6X+pCXM45Mea4werChBc2Y9DghM=; b=jV7s6PO2fAKu4eS/VeoofkRhWF3QitBUfD7Altrs4wJGGp1AWXt1yida+laZq2DxUNQws FYAh5I2MB+pJIJHEuxUgvxPmYd4YLMfEWGOAuOlYZYAj6PY8zH0ZWoAaLiFMy/APw0xe08g oWwubwMl2yGxGPQYeGfuOAm7fiseMMFf6387M3ctIqyotVlnCFnZR/SJsEBwMVSFJH46Er5 rwq+0xMVOo592Dt+VN3ONtyE8jBswz0Sj4d1is68qKFOwFTWEitvmUxyy/fAli8Kdg2aNPY 0fP1hG9MwTKK3V+UTw0PkUmzp6z9o6m6lGsFMRoIVxUbNxbECQQj+gEcXq4g== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none; dmarc=pass header.from=ffmpeg.org policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=ffmpeg.org header.i=@ffmpeg.org; arc=none (Message is not ARC signed); dmarc=pass (Used From Domain Record) header.from=ffmpeg.org policy.dmarc=quarantine DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1772153686; h=content-type : mime-version : content-transfer-encoding : from : to : reply-to : subject : date : from; bh=Ufd1ZIIJr0wYsDzADsryaGaE8xBxruF2m0vzRYskGKU=; b=PdC/sVx6dZv2UlJa7WZtZnOnq7lTcH8tNcoxWidClHnflx94UjCxjZITT+xuu/zPuWbV2 4aKHwFqZZQY83KQG1o/E7oexHrNP+AAHN3j2LmEY29RiN2VOlrw6Lol9gL7K2sd6S2CvY5D IYBTOVUl11LJh5sKA/tmX+LTaK21Ksgby2myQSdU+/DABKNhaUsLIcA0aRZn0VXALC7SG22 cYaNj/rEbt/UEk1KgAenEZxPfA/ehC6y6ffVoJ/S4kS7RFaa9Uw8uvnkmD+40rEzcbm3uFS 13xCsdSoFmlZiW2pvYS9kUVY+qCPIcdBgnveSTfG7kSRkeE82lra7zv+9+eA== MIME-Version: 1.0 To: ffmpeg-devel@ffmpeg.org Date: Fri, 27 Feb 2026 00:54:46 -0000 Message-ID: <177215368708.25.6312390549284865714@29965ddac10e> Message-ID-Hash: ISIMTQOVVUDA5A75VL7DU4LU6ICT6QRA X-Message-ID-Hash: ISIMTQOVVUDA5A75VL7DU4LU6ICT6QRA X-MailFrom: code@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PR] avformat/whip: fix out-of-bounds write in bundle string when no streams (PR #22303) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Nariman-Sayed via ffmpeg-devel Cc: Nariman-Sayed Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: PR #22303 opened by Nariman-Sayed URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22303 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/22303.patch When neither audio_par nor video_par is set, bundle_index remains 0, causing bundle[-1] = '\0' which is an out-of-bounds write. Fix by checking bundle_index before accessing the array. >>From 3b5c25568cc34f6b4c6f03f4bb5a0e3c436b0525 Mon Sep 17 00:00:00 2001 From: Nariman-Sayed Date: Fri, 27 Feb 2026 02:47:54 +0200 Subject: [PATCH] avformat/whip: fix out-of-bounds write in bundle string when no streams --- libavformat/whip.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libavformat/whip.c b/libavformat/whip.c index 8306296b20..affdb0d6e3 100644 --- a/libavformat/whip.c +++ b/libavformat/whip.c @@ -641,7 +641,10 @@ static int generate_sdp_offer(AVFormatContext *s) bundle[bundle_index++] = '1'; bundle[bundle_index++] = ' '; } - bundle[bundle_index - 1] = '\0'; + if (bundle_index > 0) + bundle[bundle_index - 1] = '\0'; + else + bundle[0] = '\0'; av_bprintf(&bp, "" "v=0\r\n" -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org