From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 2CCF747D46
	for <ffmpegdev@gitmailbox.com>; Thu, 19 Oct 2023 17:18:14 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0927B68CAFF;
	Thu, 19 Oct 2023 20:18:12 +0300 (EEST)
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net
 [217.70.183.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 84F9B68C5F4
 for <ffmpeg-devel@ffmpeg.org>; Thu, 19 Oct 2023 20:18:05 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id B8F6224000A
 for <ffmpeg-devel@ffmpeg.org>; Thu, 19 Oct 2023 17:18:04 +0000 (UTC)
Date: Thu, 19 Oct 2023 19:18:03 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20231019171803.GK3543730@pb2>
References: <20231018004935.18309-1-michael@niedermayer.cc>
 <c329b10bbaa67b7836831f8a21291a2975c14020.camel@haerdin.se>
MIME-Version: 1.0
In-Reply-To: <c329b10bbaa67b7836831f8a21291a2975c14020.camel@haerdin.se>
X-GND-Sasl: michael@niedermayer.cc
Subject: Re: [FFmpeg-devel] [PATCH 1/2] avformat/mxfdec: Check klv offset
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============6585799323768014194=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20231019171803.GK3543730@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============6585799323768014194==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="CYq3B77pNPYNKPVX"
Content-Disposition: inline


--CYq3B77pNPYNKPVX
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Oct 18, 2023 at 08:29:16PM +0200, Tomas H=E4rdin wrote:
> ons 2023-10-18 klockan 02:49 +0200 skrev Michael Niedermayer:
> > Fixes: Assertion klv_offset >=3D mxf->run_in failed at
> > libavformat/mxfdec.c:736
> > Fixes: 62936/clusterfuzz-testcase-minimized-ffmpeg_dem_MXF_fuzzer-
> > 5778404366221312.fuzz
> >=20
> > Found-by: continuous fuzzing process
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> > =A0libavformat/mxfdec.c | 13 ++++++++-----
> > =A01 file changed, 8 insertions(+), 5 deletions(-)
> >=20
> > diff --git a/libavformat/mxfdec.c b/libavformat/mxfdec.c
> > index 68939091e6..f2ec508b72 100644
> > --- a/libavformat/mxfdec.c
> > +++ b/libavformat/mxfdec.c
> > @@ -458,12 +458,15 @@ static int mxf_read_sync(AVIOContext *pb, const
> > uint8_t *key, unsigned size)
> > =A0=A0=A0=A0 return i =3D=3D size;
> > =A0}
> > =A0
> > -static int klv_read_packet(KLVPacket *klv, AVIOContext *pb)
> > +static int klv_read_packet(MXFContext *mxf, KLVPacket *klv,
> > AVIOContext *pb)
> > =A0{
> > =A0=A0=A0=A0 int64_t length, pos;
> > =A0=A0=A0=A0 if (!mxf_read_sync(pb, mxf_klv_key, 4))
> > =A0=A0=A0=A0=A0=A0=A0=A0 return AVERROR_INVALIDDATA;
> > =A0=A0=A0=A0 klv->offset =3D avio_tell(pb) - 4;
> > +=A0=A0=A0 if (klv->offset <=A0 mxf->run_in)
>=20
> One stray space in there which of course can be fixed when pushing
>=20
> Looks OK

will apply with this change

thx

[...]
--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundread thousand in war. Let country fall into chaos,
be surprised about raise of fundamantalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued

--CYq3B77pNPYNKPVX
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZTFkvAAKCRBhHseHBAsP
q4aDAJ93NSvYaYE6AtQ/ScUdaspjo/ZQPgCfZXhO++nOlmEURwXBIVnsjEWX12I=
=h6Lc
-----END PGP SIGNATURE-----

--CYq3B77pNPYNKPVX--

--===============6585799323768014194==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============6585799323768014194==--