Date: Fri, 21 Jun 2024 00:54:55 +0200
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20240620225455.GT4991@pb2>
References: <20240616230831.912377-1-michael@niedermayer.cc> <20240616230831.912377-5-michael@niedermayer.cc> <148B64A1-B7B1-400D-B64B-C9FF8043CDEB@remlab.net> <5ccf7b59-2813-4b88-9170-cdecdd390b26@gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH 5/9] avformat/mov: Check extend and base offset

On Wed, Jun 19, 2024 at 03:08:58PM +0200, Rémi Denis-Courmont wrote:
>
>
> On 19 June 2024 14:34:59 GMT+02:00, James Almer wrote:
> >On 6/18/2024 4:07 AM, Rémi Denis-Courmont wrote:
> >>
> >>
> >> On 17 June 2024 01:08:27 GMT+02:00, Michael Niedermayer wrote:
> >>> Fixes: signed integer overflow: 2314885530818453536 + 9151314442816847872 cannot be represented in type 'long'
> >>> Fixes: 68359/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-6571950311800832
> >>>
> >>> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> >>> Signed-off-by: Michael Niedermayer
> >>> ---
> >>> libavformat/mov.c | 4 +++-
> >>> 1 file changed, 3 insertions(+), 1 deletion(-)
> >>>
> >>> diff --git a/libavformat/mov.c b/libavformat/mov.c
> >>> index 9016cd5ad08..46cbce98040 100644
> >>> --- a/libavformat/mov.c
> >>> +++ b/libavformat/mov.c
> >>> @@ -8131,7 +8131,9 @@ static int mov_read_iloc(MOVContext *c, AVIOContext *pb, MOVAtom atom)
> >>> }
> >>> for (int j = 0; j < extent_count; j++) {
> >>> if (rb_size(pb, &extent_offset, offset_size) < 0 ||
> >>> - rb_size(pb, &extent_length, length_size) < 0)
> >>> + rb_size(pb, &extent_length, length_size) < 0 ||
> >>> + base_offset < 0 || extent_offset < 0 ||
> >>> + base_offset + (uint64_t)extent_offset > INT64_MAX)
> >>
> >> Can we please stop with the bespoke arithmetic overflow checks and add dedicated helpers instead, similar to what GCC and C23 have?
> >
> >You mean the __builtin_*_overflow() one?
>
> I'd rather the ckd_*() stuff but the differences are mostly stylistic.

Whatever is used must be supported by all currently supported platforms; that especially also includes past releases we backport things to.
In practice that means continuing to use the classical way to check as well as our av_sat_addXY() stuff.

We cannot backport things that depend on C23 as that was not a requirement in the past. So I also cannot use this in bug fixes.

thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The smallest minority on earth is the individual. Those who deny
individual rights cannot claim to be defenders of minorities.
- Ayn Rand
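Review bot: The `base_offset < 0` test added to the condition does not depend on `j`, so it could be hoisted above `for (int j = 0; j < extent_count; j++)` and a negative base offset rejected once instead of being re-evaluated for every extent. The final test `base_offset + (uint64_t)extent_offset > INT64_MAX` is exact only because the two checks before it guarantee both operands are non-negative (the unsigned sum of two values no larger than INT64_MAX cannot wrap); a short comment stating that the order of the three sub-conditions matters would protect the check against a later reordering.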
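To make the portability trade-off in the thread concrete, here is the patch's guard next to the subtraction-only classical idiom and the GCC/Clang builtin Rémi referred to, exercised with the operands from the fuzzer report and checked for agreement at the INT64_MAX boundary. This is an added example, not FFmpeg code; the function names are mine and the saturating av_sat_addXY() helpers are not reproduced.

```c
/* Three equivalent overflow guards for base_offset + extent_offset, the
 * expression hardened in mov_read_iloc(). Added example, not FFmpeg code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The form the patch uses: both operands are first checked non-negative, so
 * the unsigned sum of two values <= INT64_MAX cannot wrap and the compare is
 * exact. Reordering the sub-conditions would break that guarantee. */
static bool offset_overflows_cast(int64_t base_offset, int64_t extent_offset)
{
    return base_offset < 0 || extent_offset < 0 ||
           base_offset + (uint64_t)extent_offset > INT64_MAX;
}

/* The other classical C99 idiom: rearrange so no addition is performed. */
static bool offset_overflows_sub(int64_t base_offset, int64_t extent_offset)
{
    return base_offset < 0 || extent_offset < 0 ||
           extent_offset > INT64_MAX - base_offset;
}

/* The compiler builtin mentioned in the thread (C23's ckd_add() has the same
 * shape). Not usable where the code must also build on older toolchains. */
static bool offset_overflows_builtin(int64_t base_offset, int64_t extent_offset)
{
    int64_t sum;
    return base_offset < 0 || extent_offset < 0 ||
           __builtin_add_overflow(base_offset, extent_offset, &sum);
}

/* Returns true when all three forms give the same verdict for the pair. */
static bool forms_agree(int64_t base_offset, int64_t extent_offset)
{
    bool a = offset_overflows_cast(base_offset, extent_offset);
    bool b = offset_overflows_sub(base_offset, extent_offset);
    bool c = offset_overflows_builtin(base_offset, extent_offset);
    return a == b && b == c;
}

int main(void)
{
    /* The operands from the fuzzer report quoted in the commit message. */
    int64_t base = 2314885530818453536LL, ext = 9151314442816847872LL;
    printf("fuzzer pair rejected: %d, all forms agree: %d\n",
           offset_overflows_cast(base, ext), forms_agree(base, ext));
    return 0;
}
```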