From: Michael Niedermayer
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Tue, 28 Jun 2022 21:28:30 +0200
Subject: Re: [FFmpeg-devel] [PATCH] avformat/aaxdec: Check for empty segments
Message-ID: <20220628192830.GT396728@pb2>
In-Reply-To: <5868ba10-3131-7a10-da47-e586a7234857@gmail.com>
References: <20220627084347.30362-1-michael@niedermayer.cc> <165639370846.12703.18353942820053902051@lain.khirnov.net> <5868ba10-3131-7a10-da47-e586a7234857@gmail.com>

On Tue, Jun 28, 2022 at 08:26:54AM -0300, James Almer wrote:
> 
> 
> On 6/28/2022 2:21 AM, Anton Khirnov wrote:
> > Quoting Michael Niedermayer (2022-06-27 10:43:47)
> > > Fixes: Timeout
> > > Fixes: 48154/clusterfuzz-testcase-minimized-ffmpeg_dem_AAX_fuzzer-5149094353436672
> > > 
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer
> > > ---
> > >  libavformat/aaxdec.c | 2 ++
> > >  1 file changed, 2 insertions(+)
> > > 
> > > diff --git a/libavformat/aaxdec.c b/libavformat/aaxdec.c
> > > index dd1fbde736..bcbff216db 100644
> > > --- a/libavformat/aaxdec.c
> > > +++ b/libavformat/aaxdec.c
> > > @@ -252,6 +252,8 @@ static int aax_read_header(AVFormatContext *s)
> > >              size = avio_rb32(pb);
> > >              a->segments[r].start = start + a->data_offset;
> > >              a->segments[r].end = a->segments[r].start + size;
> > > +            if (!size)
> > > +                return AVERROR_INVALIDDATA;
> > 
> > Why check for invalid size only after some things are set based on it
> > and not before?

moved it up

> 
> Also, if the problem is that a->segments[r].start == a->segments[r].end,
> then maybe it'd be better, or at least more clear to the reader, to ensure
> that as part of the checks immediately after this line.

It's easy to add it into that check, but the check becomes more complex and
harder to understand.
Unless you have some specific suggestion I would tend to keep the if()s separate.

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle
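Review bot: the `if (!size)` check in the hunk at aaxdec.c:252 runs after `a->segments[r].start` and `a->segments[r].end` have already been computed from `size`; hoist it directly under `size = avio_rb32(pb);` so that a rejected entry is never written into the segment table (this is the reordering Anton asks for and the reply agrees to). With the check placed there, `!size` is also the exact guard against `a->segments[r].start == a->segments[r].end` that James raises, so it can stay as its own if() rather than being folded into the following range checks.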
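The ordering the reviewers ask for, as an added example that is not FFmpeg's code and not from this thread: a hypothetical segment-table reader in which the empty-segment check is the first thing done with `size`, before any segment field is derived from it, and the range check is a separate if() as the reply prefers. `rb32()` stands in for avio_rb32() over an in-memory buffer, `SEG_ERROR_*` are stand-ins for AVERROR codes, and the three sample tables are constructed for the demo, not real AAX data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for AVERROR_INVALIDDATA / AVERROR_EOF. */
#define SEG_ERROR_INVALIDDATA (-1)
#define SEG_ERROR_EOF         (-2)
#define MAX_SEGMENTS          8

typedef struct { uint64_t start, end; } Segment;
typedef struct { const uint8_t *buf; size_t len, pos; } ByteReader;

/* Big-endian 32-bit read from memory; mimics avio_rb32() but reports truncation. */
static int rb32(ByteReader *r, uint32_t *out)
{
    const uint8_t *p;
    if (r->len - r->pos < 4)
        return SEG_ERROR_EOF;
    p = r->buf + r->pos;
    *out = ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    r->pos += 4;
    return 0;
}

/*
 * Parse `count` (start, size) pairs into segs[].  The empty-segment test is
 * the first use of `size`, so a rejected entry never reaches the table; the
 * range test stays a separate if() for readability.  Returns the segment
 * count or a negative error.  data_offset is 32-bit so start/end cannot
 * overflow the 64-bit fields.
 */
static int read_segments(ByteReader *r, unsigned count, uint32_t data_offset,
                         uint64_t data_end, Segment *segs)
{
    unsigned i;
    if (count > MAX_SEGMENTS)
        return SEG_ERROR_INVALIDDATA;
    for (i = 0; i < count; i++) {
        uint32_t start, size;
        uint64_t s, e;
        int ret;
        if ((ret = rb32(r, &start)) < 0)
            return ret;
        if ((ret = rb32(r, &size)) < 0)
            return ret;
        if (!size)                       /* empty segment: reject before use */
            return SEG_ERROR_INVALIDDATA;
        s = (uint64_t)data_offset + start;
        e = s + size;
        if (e > data_end)                /* segment runs past the data */
            return SEG_ERROR_INVALIDDATA;
        segs[i].start = s;
        segs[i].end   = e;
    }
    return (int)count;
}

/* Constructed sample tables: big-endian (start, size) pairs. */
static const uint8_t table_ok[] = {
    0x00,0x00,0x00,0x10, 0x00,0x00,0x00,0x20,   /* start 0x10, size 0x20 */
    0x00,0x00,0x00,0x30, 0x00,0x00,0x00,0x40,   /* start 0x30, size 0x40 */
};
static const uint8_t table_empty[] = {
    0x00,0x00,0x00,0x10, 0x00,0x00,0x00,0x20,
    0x00,0x00,0x00,0x30, 0x00,0x00,0x00,0x00,   /* size 0: the fuzzer case */
};
static const uint8_t table_overrun[] = {
    0x00,0x00,0x00,0x10, 0x00,0x00,0x02,0x00,   /* ends at 0x310 > data_end */
};

/* data_offset 0x100 and data_end 0x200 are assumed demo values. */
static int parse_table(const uint8_t *t, size_t len, unsigned count, Segment *segs)
{
    ByteReader r = { t, len, 0 };
    return read_segments(&r, count, 0x100, 0x200, segs);
}

int demo_ok_count(void)         { Segment s[MAX_SEGMENTS]; return parse_table(table_ok, sizeof table_ok, 2, s); }
uint64_t demo_ok_last_end(void) { Segment s[MAX_SEGMENTS]; parse_table(table_ok, sizeof table_ok, 2, s); return s[1].end; }
int demo_empty(void)            { Segment s[MAX_SEGMENTS]; return parse_table(table_empty, sizeof table_empty, 2, s); }
int demo_overrun(void)          { Segment s[MAX_SEGMENTS]; return parse_table(table_overrun, sizeof table_overrun, 1, s); }
int demo_truncated(void)        { Segment s[MAX_SEGMENTS]; return parse_table(table_ok, sizeof table_ok, 3, s); }

int main(void)
{
    printf("ok=%d last_end=0x%llx empty=%d overrun=%d truncated=%d\n",
           demo_ok_count(), (unsigned long long)demo_ok_last_end(),
           demo_empty(), demo_overrun(), demo_truncated());
    return 0;
}
```

The valid table yields two segments ending at 0x170; the zero-size table, the over-long segment and a truncated table are each rejected before anything is stored, which is the property the hoisted check buys.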