From: James Almer
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 22 Jun 2023 16:29:17 -0300
Message-ID: <20230622192918.3638-4-jamrial@gmail.com>
In-Reply-To: <20230622192918.3638-1-jamrial@gmail.com>
References: <20230622192918.3638-1-jamrial@gmail.com>
Subject: [FFmpeg-devel] [PATCH 4/5] avformat/evc: add range checks to evcc_parse_sps and return proper error codes

Signed-off-by: James Almer --- libavformat/evc.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/libavformat/evc.c b/libavformat/evc.c index 9d0fe8d84c..1803069a7d 100644 --- a/libavformat/evc.c +++ b/libavformat/evc.c 
@@ -88,17 +88,19 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size, EVCDecoderConfiguratio { GetBitContext gb; unsigned sps_seq_parameter_set_id; + int ret; bs += EVC_NALU_HEADER_SIZE; bs_size -= EVC_NALU_HEADER_SIZE; - if (init_get_bits8(&gb, bs, bs_size) < 0) - return 0; + ret = init_get_bits8(&gb, bs, bs_size); + if (ret < 0) + return ret; sps_seq_parameter_set_id = get_ue_golomb_31(&gb); if (sps_seq_parameter_set_id >= EVC_MAX_SPS_COUNT) - return 0; + return AVERROR_INVALIDDATA; // the Baseline profile is indicated by profile_idc eqal to 0 // the Main profile is indicated by profile_idc eqal to 1 @@ -114,12 +116,17 @@ static int evcc_parse_sps(const uint8_t *bs, int bs_size, EVCDecoderConfiguratio // 2 - 4:2:2 // 3 - 4:4:4 evcc->chroma_format_idc = get_ue_golomb_31(&gb); + if (sps_seq_parameter_set_id > 3) + return AVERROR_INVALIDDATA; evcc->pic_width_in_luma_samples = get_ue_golomb_long(&gb); evcc->pic_height_in_luma_samples = get_ue_golomb_long(&gb); evcc->bit_depth_luma_minus8 = get_ue_golomb_31(&gb); evcc->bit_depth_chroma_minus8 = get_ue_golomb_31(&gb); + // EVCDecoderConfigurationRecord can't store values > 7. Limit it to bit depth 14. + if (evcc->bit_depth_luma_minus8 > 6 || evcc->bit_depth_chroma_minus8 > 6) + return AVERROR_INVALIDDATA; return 0; } -- 2.41.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
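Review bot: In the first hunk (@@ -88,17 +88,19 @@), `bs += EVC_NALU_HEADER_SIZE; bs_size -= EVC_NALU_HEADER_SIZE;` still runs before any length check, so an input shorter than the NAL unit header reaches init_get_bits8 with a negative size and a pointer already advanced past the buffer. Rejection then depends entirely on that helper. An explicit `if (bs_size < EVC_NALU_HEADER_SIZE) return AVERROR_INVALIDDATA;` ahead of the adjustment would make the bound visible in this function. Separately, since the failure paths now return a negative error code instead of 0, the callers of evcc_parse_sps need to check and propagate the return value; none of them are touched in this patch.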
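Review bot: In the second hunk (@@ -114,12 +116,17 @@), the check added right after `evcc->chroma_format_idc = get_ue_golomb_31(&gb);` tests the wrong variable: `if (sps_seq_parameter_set_id > 3)`. As written, chroma_format_idc is stored without validation even though the comment above lists 3 (4:4:4) as the highest value, and any SPS id above 3 that passed the earlier `>= EVC_MAX_SPS_COUNT` check is now rejected as invalid data. The condition should be `if (evcc->chroma_format_idc > 3)`. The bit depth check at the end of the hunk reads the fields it is meant to bound, so only this one needs changing.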