Date: Mon, 28 Jul 2025 19:28:52 +0200
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20250728172852.GI29660@pb2>
References: <20250619030432.2977718-1-michael@niedermayer.cc> <20250619030432.2977718-3-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 3/4] avcodec/sanm: Check w, h for subversion < 2

On Thu, Jul 03,
2025 at 10:32:35PM +0200, Manuel Lauss wrote:
> Servus Michael,
>
> On Thu, Jun 19, 2025 at 5:05 AM Michael Niedermayer
> wrote:
> >
> > Fixes: 410609432/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_SANM_fuzzer-4935159201988608
> > Fixes: out of array access
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer
> > --- > > libavcodec/sanm.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c > > index 642ef02bff2..02bb78859a8 100644 > > --- a/libavcodec/sanm.c > > +++ b/libavcodec/sanm.c 
> > @@ -1670,6 +1670,8 @@ static int process_frame_obj(SANMVideoContext *ct= x, GetByteContext *gb) > > /* Rebel Assault 1: 384x242 internal size */ > > xres =3D 384; > > yres =3D 242; > > + if (w > xres || h > yres) > > + return AVERROR_INVALIDDATA; > > ctx->have_dimensions =3D 1; > > } else if (codec =3D=3D 37 || codec =3D=3D 47 || codec =3D=3D = 48) { > > /* these codecs work on full frames, trust their dimension= s */
>
> This is OK, it does not impact "legitimate" Videos.

will apply thx

[...]

--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

He who knows, does not speak. He who speaks, does not know. -- Lao Tsu
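
Review bot: the added test in the 384x242 branch of process_frame_obj() rejects only w > xres or h > yres, so it is an upper bound alone. The visible lines do not show whether w and h are already known to be positive at this point; if they are not, the same condition should also reject values <= 0. Returning before ctx->have_dimensions = 1 is the right order, since a rejected object then leaves that flag unset. A one-line comment stating that the limit is the Rebel Assault 1 internal size and which access it protects would help, because the commit message says only "out of array access" and the next branch explicitly trusts the dimensions for codecs 37, 47 and 48, so a reader will want to know why this branch does not.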