Date: Tue, 24 Jun 2025 23:19:06 +0200
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20250624211906.GW29660@pb2>
References: <20250621211521.895204-1-michael@niedermayer.cc> <05b7f838-3271-4646-a5f6-4cc92a28e799@gmail.com>
In-Reply-To: <05b7f838-3271-4646-a5f6-4cc92a28e799@gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH 1/5] avformat/mov: Check that sample_count is allocated in mov_parse_heif_items()

On Mon, Jun 23, 2025 at 11:43:04AM -0300, James Almer wrote:
> On 6/21/2025 6:15 PM, Michael Niedermayer wrote:
> > Fixes: NULL pointer dereference
> > Fixes: 416811958/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5425269114732544
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer
> > ---
> > libavformat/mov.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/libavformat/mov.c b/libavformat/mov.c
> > index 8a094b1ea0a..6e9e3498fb5 100644
> > --- a/libavformat/mov.c
> > +++ b/libavformat/mov.c
> > @@ -10336,7 +10336,7 @@ static int mov_parse_heif_items(AVFormatContext *s)
> > st->codecpar->height = item->height;
> > err = sanity_checks(s, sc, item->item_id);
> > - if (err)
> > + if (err || !sc->sample_count)
> > return AVERROR_INVALIDDATA;
> > sc->sample_sizes[0] = item->extent_length;
>
> LGTM

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
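
Review bot: in mov_parse_heif_items() the added condition tests !sc->sample_count, but the line it guards writes through sc->sample_sizes[0], and the commit subject speaks of sample_count being "allocated" although it is a count. Nothing in the visible context shows that a non-zero sample_count implies a non-NULL sample_sizes, so testing the pointer that is actually dereferenced (!sc->sample_sizes), or adding a short comment saying where the two are kept in sync, would make the guard self-evident. The subject line would also read better as a check that sample_sizes is allocated.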