Date: Tue, 14 May 2024 01:30:19 +0200
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20240513233019.GK6420@pb2>
References: <20240504235200.2875183-1-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 1/2] avcodec/flac_parser: Assert that we do not overrun the link_penalty array

On Mon, May 13, 2024 at 10:45:16PM +0200, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Fixes: CID1454676 Out-of-bounds read
> >
> > Sponsored-by: Sovereign Tech Fund
> > Signed-off-by: Michael Niedermayer
> > ---
> >  libavcodec/flac_parser.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c
> > index 47904d515a6..d9c47801f83 100644
> > --- a/libavcodec/flac_parser.c
> > +++ b/libavcodec/flac_parser.c
> > @@ -518,6 +518,8 @@ static int check_header_mismatch(FLACParseContext *fpc,
> >      for (i = 0; i < FLAC_MAX_SEQUENTIAL_HEADERS && curr != child; i++)
> >          curr = curr->next;
> >
> > +    av_assert0(i < FLAC_MAX_SEQUENTIAL_HEADERS);
> > +
> >      if (header->link_penalty[i] < FLAC_HEADER_CRC_FAIL_PENALTY ||
> >          header->link_penalty[i] == FLAC_HEADER_NOT_PENALIZED_YET) {
> >          FLACHeaderMarker *start, *end;
>
> If this is only supposed to mark an issue as invalid for the sanitizer,
> why are you adding an av_assert0 instead of av_assert1 here

The flac parser code is complex and confusing me a bit.
If I would write av_assert1() then I would be saying that I am 100% sure
this is true, and I certainly do not feel that confident.
That's why it's av_assert0 and also why I have neither marked this in
Coverity as a false positive nor as a bug.
I was hoping posting this to the mailing list would result in either
someone confirming it to be correct or telling me that I am an idiot and
that this is wrong.
And it seemed Remi agreed that the change is correct so I intended to push
it, but I am happy to wait if you or someone else wants to take a look.

thx

> (and in
> other patches)?
>
> - Andreas
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

During times of universal deceit, telling the truth becomes a revolutionary act.
-- George Orwell
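Review bot: av_assert0() is compiled into release builds, so if the walk in the hunk can really exit with i == FLAC_MAX_SEQUENTIAL_HEADERS (child not reached within the bound) on a crafted stream, the new line turns an out-of-bounds read of header->link_penalty[i] into a process abort, which for a parser fed untrusted input is a denial of service rather than a fix; the thread itself says nobody is yet sure the condition is impossible. Given that uncertainty, the safer shape is to handle it in the hunk rather than assert on it, something like `if (i >= FLAC_MAX_SEQUENTIAL_HEADERS) return <the function's mismatch/error value>;` (the exact return convention of check_header_mismatch is not visible here) together with a one-line comment stating why child is expected to be reachable within FLAC_MAX_SEQUENTIAL_HEADERS links; once that is established, downgrading to av_assert1() as Andreas suggests is the right follow-up. Note also that the assert does not cover the loop's other exit hazard: the condition only tests `curr != child`, so if curr reaches NULL before child and before the bound, `curr = curr->next` dereferences NULL inside the loop; the visible lines do not show whether the list structure rules that out, so the commit message should say so if it does.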