* [FFmpeg-devel] [PATCH] avformat/oggparseflac: check init_get_bits' result
@ 2023-05-30 21:21 Paul Arzelier
From: Paul Arzelier @ 2023-05-30 21:21 UTC (permalink / raw)
To: ffmpeg-devel; +Cc: Paul Arzelier, Polochon-street
From: Polochon-street <polochonstreet@gmx.fr>
Check init_get_bits' result for NULL, to avoid dereferencing a NULL
pointer later (CWE-476).
Without this, a segfault happens when trying to decode a handcrafted
ogg-flac file with an absurdly long (e.g. 268435455 bytes) ogg header.
Thanks to jamrial for basically writing this patch after I reported the bug!
Signed-off-by: Paul Arzelier <paul.arzelier@free.fr>
---
libavformat/oggparseflac.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/libavformat/oggparseflac.c b/libavformat/oggparseflac.c
index eef6e09927..557440d94b 100644
--- a/libavformat/oggparseflac.c
+++ b/libavformat/oggparseflac.c
@@ -40,7 +40,10 @@ flac_header (AVFormatContext * s, int idx)
if (os->buf[os->pstart] == 0xff)
return 0;
- init_get_bits(&gb, os->buf + os->pstart, os->psize*8);
+ ret = init_get_bits8(&gb, os->buf + os->pstart, os->psize);
+ if (ret < 0)
+ return ret;
+
skip_bits1(&gb); /* metadata_last */
mdt = get_bits(&gb, 7);
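Review bot: the new error path assigns to `ret`, but no declaration of `ret` appears in the visible lines of the hunk; confirm that flac_header already declares an `int ret` (the function's existing error paths would need one), otherwise this will not compile. Worth noting in the commit message as well: moving from `init_get_bits(&gb, ..., os->psize*8)` to `init_get_bits8(&gb, ..., os->psize)` also moves the `*8` behind init_get_bits8's own range check, so a psize above INT_MAX/8 can no longer overflow the bit count in the caller before any validation runs; the message currently only describes the NULL dereference. Minor style point: `if ((ret = init_get_bits8(&gb, os->buf + os->pstart, os->psize)) < 0) return ret;` is the more compact shape used elsewhere in the tree, but the expanded form here is fine too.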
--
2.40.1
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
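As an added, self-contained C illustration of the defect class this patch closes (this is not FFmpeg code: the bit reader, its 512-bit padding reserve, the error value and the sample header bytes are all constructed here as assumptions), the stand-in below models the contract of init_get_bits and init_get_bits8: an oversize length leaves the reader with a NULL buffer and returns a negative error, and the header parser returns that error instead of reading through the NULL pointer. It also shows why the byte-sized variant matters: the overflow guard on the byte count runs before the multiplication that the old call performed in the caller.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a bit reader; not FFmpeg's GetBitContext. */
typedef struct {
    const uint8_t *buffer;   /* left NULL when init fails */
    int size_in_bits;
    int index;
} BitReader;

#define BR_ERR_INVALIDDATA (-1)   /* assumed error code, not AVERROR_INVALIDDATA */
#define BR_PADDING_BITS    512    /* assumed headroom a real reader keeps past the end */

static void br_reset(BitReader *br)
{
    br->buffer = NULL;
    br->size_in_bits = 0;
    br->index = 0;
}

/* Bit-sized init, same contract as init_get_bits: on a bad size the reader
 * is emptied (buffer == NULL) and a negative error is returned. A caller
 * that ignores that return and reads anyway dereferences NULL. */
static int br_init(BitReader *br, const uint8_t *buf, int bit_size)
{
    if (!buf || bit_size < 0 || bit_size > INT_MAX - BR_PADDING_BITS) {
        br_reset(br);
        return BR_ERR_INVALIDDATA;
    }
    br->buffer = buf;
    br->size_in_bits = bit_size;
    br->index = 0;
    return 0;
}

/* Byte-sized init, same idea as init_get_bits8: the overflow guard runs
 * before the *8, so the caller never computes psize*8 itself. */
static int br_init8(BitReader *br, const uint8_t *buf, int byte_size)
{
    if (byte_size < 0 || byte_size > INT_MAX / 8) {
        br_reset(br);
        return BR_ERR_INVALIDDATA;
    }
    return br_init(br, buf, byte_size * 8);
}

/* MSB-first read of n <= 8 bits; -1 if the reader is empty or exhausted. */
static int br_get_bits(BitReader *br, int n)
{
    int v = 0;
    if (!br->buffer || n < 0 || n > 8 || br->index + n > br->size_in_bits)
        return -1;
    for (int i = 0; i < n; i++, br->index++)
        v = (v << 1) | ((br->buffer[br->index >> 3] >> (7 - (br->index & 7))) & 1);
    return v;
}

/* Mirrors the patched flac_header: 1 bit metadata_last, then a 7-bit block
 * type. Returns the type, or a negative error when the length is rejected. */
static int parse_flac_header_type(const uint8_t *buf, int psize)
{
    BitReader br;
    int ret = br_init8(&br, buf, psize);
    if (ret < 0)
        return ret;              /* the fix: bail out before touching br.buffer */
    (void)br_get_bits(&br, 1);   /* metadata_last */
    return br_get_bits(&br, 7);  /* metadata block type */
}

/* Constructed sample packets (not taken from a real file). */
static const uint8_t SAMPLE_STREAMINFO_HDR[] = { 0x80, 0x00, 0x00, 0x22 }; /* last=1, type=0 */
static const uint8_t SAMPLE_PICTURE_HDR[]    = { 0x06 };                   /* last=0, type=6 */

int main(void)
{
    printf("streaminfo type: %d\n", parse_flac_header_type(SAMPLE_STREAMINFO_HDR, 4));
    printf("picture type:    %d\n", parse_flac_header_type(SAMPLE_PICTURE_HDR, 1));
    /* The length from the commit message: it passes the byte guard but fails
     * the bit guard, so init rejects it and nothing is ever read from the
     * (deliberately short) buffer. The old code ignored that rejection. */
    printf("psize 268435455: %d\n", parse_flac_header_type(SAMPLE_PICTURE_HDR, 268435455));
    /* One byte more and the byte guard itself rejects it, before any *8. */
    printf("psize 268435456: %d\n", parse_flac_header_type(SAMPLE_PICTURE_HDR, 268435456));
    return 0;
}
```

The two rejected lengths show the two separate checks at work: 268435455 is the largest byte count whose `*8` still fits in an int, which is exactly why it reaches the bit-level limit and trips it, while 268435456 is caught by the byte-level guard before the multiplication happens at all.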
* Re: [FFmpeg-devel] [PATCH] avformat/oggparseflac: check init_get_bits' result
From: James Almer @ 2023-05-30 21:28 UTC (permalink / raw)
To: ffmpeg-devel
On 5/30/2023 6:21 PM, Paul Arzelier wrote:
> From: Polochon-street <polochonstreet@gmx.fr>
>
> Check init_get_bits' result for NULL, to avoid dereferencing a NULL
> pointer later (CWE-476).
> Without this, a segfault happens when trying to decode a handcrafted
> ogg-flac file with an absurdly long (e.g. 268435455 bytes) ogg header.
>
> Thanks to jamrial for basically writing this patch after I reported the bug!
>
> Signed-off-by: Paul Arzelier <paul.arzelier@free.fr>
Applied.