From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 3F0D74654A
	for <ffmpegdev@gitmailbox.com>; Tue, 20 Jun 2023 14:41:18 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4B1A068C18D;
	Tue, 20 Jun 2023 17:40:55 +0300 (EEST)
Received: from mail-ot1-f46.google.com (mail-ot1-f46.google.com
 [209.85.210.46])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D45B568C157
 for <ffmpeg-devel@ffmpeg.org>; Tue, 20 Jun 2023 17:40:48 +0300 (EEST)
Received: by mail-ot1-f46.google.com with SMTP id
 46e09a7af769-6b469507e4bso2267497a34.3
 for <ffmpeg-devel@ffmpeg.org>; Tue, 20 Jun 2023 07:40:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1687272047; x=1689864047;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:from:to:cc:subject:date:message-id
 :reply-to; bh=VGHl8+k1zq24F+Z0GiHQCLKGG1c4+KoXC+bj7d5ruUc=;
 b=okgVYu1tGxZGfZhzsWgDl18EFxBlFC5FL17VOcIdZaVbRo3a60TktwkhKppenwfUQZ
 AzSYEimnU4H/JuF97ebzFSAUJE1cxTxpL/tnS7glaqFRwuBvtx92WIXzKL8poBoHjD4A
 QlHOHAjGkMoDQxvAB43gLmef6oiIxP1HJCgbjqfwjAYbh9EM0fTihulf53tiWJZ9ofT/
 FOY1ZSrOn53Xug4OnDA0iEgbMg+hjWuCQ18KbVp//31l7ncLQtZaC380DE5wA0o6CuXO
 vFNGulPbmMf+CuLRoAzNmaw7nNK5H6HVklh4UUq/B15Om15fBlHEG0Oem+vB/Mc7aPCu
 +EGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1687272047; x=1689864047;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=VGHl8+k1zq24F+Z0GiHQCLKGG1c4+KoXC+bj7d5ruUc=;
 b=cHDOWwKf8peTkIHFSZxU4ZPa0tdnISnpPg32MzuYAORVYLvZ7jltxR6DBNOs6/SM9e
 YQopIjCxllzzBx1MVGZ4y93oIaFoIg6JaKhq6RVe0zlwWEGpxlx3gYvMw39cYSTPKbwO
 trGGrm220J6/Nnq7R+MvdfdkRxnj3bpwDJhmmYjxi3Tv05WBmna3Agp/uEOigO8hpBYb
 7tK/rnPippUROQpoV2E4CdcpCb5ctc0bjUOX+XciDbKlXoEwNxeGsBaQDb0kz9nUP6W5
 O9qZF1fPy4oa7epUWCGn9Bqj9apwhpBaV8Z3W6f6OGYlxbpeioX66NVohHMkRpOarABa
 8zNA==
X-Gm-Message-State: AC+VfDzIaKRYiumnoL9BdI/DFluEAxQjnAyqyTqmCfBRO9OIJTprweHk
 QZ8UWGnWKnP/fr3pEL7Z5KytsjKxAcQ=
X-Google-Smtp-Source: ACHHUZ43zyYjFkMA0g95vD40wA/WWSS/IRb1KSAmmDMw1Xn+nhjKWcD7TYcCschup+sa5A9Kg0ICIw==
X-Received: by 2002:a05:6870:9554:b0:19f:8566:c210 with SMTP id
 v20-20020a056870955400b0019f8566c210mr7291105oal.37.1687272047114; 
 Tue, 20 Jun 2023 07:40:47 -0700 (PDT)
Received: from localhost.localdomain (host197.190-225-105.telecom.net.ar.
 [190.225.105.197]) by smtp.gmail.com with ESMTPSA id
 nl13-20020a056871458d00b001a69e7efd13sm1417838oab.5.2023.06.20.07.40.46
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 20 Jun 2023 07:40:46 -0700 (PDT)
From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 20 Jun 2023 11:40:37 -0300
Message-ID: <20230620144042.9629-4-jamrial@gmail.com>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <20230620144042.9629-1-jamrial@gmail.com>
References: <20230620144042.9629-1-jamrial@gmail.com>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 4/9] avformat/evcdec: use an unsigned type
 for nalu_size
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20230620144042.9629-4-jamrial@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

But ensure the value returned by evc_read_nal_unit_length() fits in an int.
Should prevent integer overflows later in the code.

Signed-off-by: James Almer <jamrial@gmail.com>
---
 libavformat/evcdec.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/evcdec.c b/libavformat/evcdec.c
index 842258d229..ef743028ae 100644
--- a/libavformat/evcdec.c
+++ b/libavformat/evcdec.c
@@ -181,7 +181,7 @@ fail:
 static int evc_read_packet(AVFormatContext *s, AVPacket *pkt)
 {
     int ret;
-    int32_t nalu_size;
+    uint32_t nalu_size;
     int au_end_found = 0;
     EVCDemuxContext *const c = s->priv_data;
 
@@ -200,7 +200,7 @@ static int evc_read_packet(AVFormatContext *s, AVPacket *pkt)
             return ret;
 
         nalu_size = read_nal_unit_length((const uint8_t *)&buf, EVC_NALU_LENGTH_PREFIX_SIZE);
-        if (nalu_size <= 0)
+        if (!nalu_size || nalu_size > INT_MAX)
             return AVERROR_INVALIDDATA;
 
         avio_seek(s->pb, -EVC_NALU_LENGTH_PREFIX_SIZE, SEEK_CUR);
-- 
2.41.0

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".