From: James Almer To: ffmpeg-devel@ffmpeg.org Date: Sat, 10 May 2025 12:51:09 -0300 Message-ID: <20250510155109.1358-1-jamrial@gmail.com> X-Mailer: git-send-email 2.49.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH] avformat/iamf_parse: increase PutBytes buffer when writing AAC extradata X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: We may write up to 43 bits, so 5 bytes is not enough. Fixes: Assertion n>=0 && n<=32 failed at ./libavcodec/get_bits.h:406 Fixes: 398527871/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6602025714647040 Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg Signed-off-by: James Almer --- libavformat/iamf_parse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c index abedfdb066..14b69855c9 100644 --- a/libavformat/iamf_parse.c +++ b/libavformat/iamf_parse.c @@ -285,7 +285,7 @@ static int update_extradata(AVCodecParameters *codecpar) AV_WL16A(codecpar->extradata + 16, AV_RB16A(codecpar->extradata + 16)); // Byte swap Output Gain break; case AV_CODEC_ID_AAC: { - uint8_t buf[5]; + uint8_t buf[6]; init_put_bits(&pb, buf, sizeof(buf)); ret = init_get_bits8(&gb, codecpar->extradata, codecpar->extradata_size); -- 2.49.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
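Review bot: the `6` in `uint8_t buf[6];` is an unexplained constant; the reasoning that up to 43 bits may be written (so 5 bytes, 40 bits, is too small and 6 bytes, 48 bits, is enough) exists only in the commit message. A short comment at the declaration stating the 43-bit maximum, or a size derived from it, would keep the bound next to the code that depends on it, since `init_put_bits(&pb, buf, sizeof(buf))` takes whatever size the array declares. The commit message could also say how the undersized PutBits buffer leads to the cited `n>=0 && n<=32` assertion in get_bits.h, because that link is not visible from this hunk.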