From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 137074B8FC
	for <ffmpegdev@gitmailbox.com>; Tue, 18 Jun 2024 21:42:39 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8766368D653;
	Wed, 19 Jun 2024 00:42:37 +0300 (EEST)
Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net
 [217.70.183.200])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 097EE68D109
 for <ffmpeg-devel@ffmpeg.org>; Wed, 19 Jun 2024 00:42:30 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 4056120003
 for <ffmpeg-devel@ffmpeg.org>; Tue, 18 Jun 2024 21:42:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1718746950;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=4M5WTdU6telJKFTA+qtNgCQ6XfmxYphwA/uFZqVX4cQ=;
 b=JagVSUMtrXHyMt9IGHjneaC/L4oSFFhIo3EBRYavFWMwK3AAPncxmZUAdNRnjVRZCgM/PB
 W3b0WJkWwKsJKdL5cmrIBbZhVU34oI6O+ofCm7Lh9Y2UXgxVrCJO2JPfFFOYnzOwGx0OXl
 claFyHUIZYCDYYH/K8rb61j9Qhbo2a+m8aFLTsv/l72n2dyf2AOxTdU66VXZhva39iqkLU
 WsJXXcg7zBRg2KQeI0MbOvL1vwWo526gvPZwKzyisjkUAbZLA6eBbxUMhD6OiPGSgN2wL5
 Ip46LiuWsLFJ4ODN8vo2FCu0DTR6GqEC93jokP7MazEBgD0sbfSBYf6xkVlTbw==
Date: Tue, 18 Jun 2024 23:42:29 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20240618214229.GJ4991@pb2>
References: <20240618004901.4835-1-jamrial@gmail.com>
MIME-Version: 1.0
In-Reply-To: <20240618004901.4835-1-jamrial@gmail.com>
X-GND-Sasl: michael@niedermayer.cc
Subject: Re: [FFmpeg-devel] [PATCH] avformat/iamf_parse: add missing padding
 to AAC extradata
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============3929228004841702385=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20240618214229.GJ4991@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============3929228004841702385==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="5me2qT3T17SWzdxI"
Content-Disposition: inline


--5me2qT3T17SWzdxI
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jun 17, 2024 at 09:49:01PM -0300, James Almer wrote:
> Fixes: out of array access
> Fixes: 68863/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-483354=
6039525376
>=20
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/t=
ree/master/projects/ffmpeg
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
>  libavformat/iamf_parse.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>=20
> diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c
> index 312090b247..ff1b6cc75b 100644
> --- a/libavformat/iamf_parse.c
> +++ b/libavformat/iamf_parse.c
> @@ -92,13 +92,16 @@ static int aac_decoder_config(IAMFCodecConfig *codec_=
config,
>      if (left <=3D 0)
>          return AVERROR_INVALIDDATA;
> =20
> -    codec_config->extradata =3D av_malloc(left);
> +    // We pad extradata here because avpriv_mpeg4audio_get_config2() nee=
ds it.
> +    codec_config->extradata =3D av_malloc(left + AV_INPUT_BUFFER_PADDING=
_SIZE);

can this overflow ?

except that, it fixes the testcase

thx

[...]
--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundread thousand in war. Let country fall into chaos,
be surprised about raise of fundamantalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued

--5me2qT3T17SWzdxI
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZnH/QgAKCRBhHseHBAsP
q4ufAJ9dmIgD9lpGbE9tyEX3FKF271thZwCfUMjBXYVcdD+Dr/4TKmndrRDTHa4=
=baPK
-----END PGP SIGNATURE-----

--5me2qT3T17SWzdxI--

--===============3929228004841702385==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============3929228004841702385==--