From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 80D0445E71 for ; Thu, 13 Apr 2023 14:14:46 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1D56568B963; Thu, 13 Apr 2023 17:14:43 +0300 (EEST) Received: from mail-oa1-f54.google.com (mail-oa1-f54.google.com [209.85.160.54]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 832BA68A5E1 for ; Thu, 13 Apr 2023 17:14:36 +0300 (EEST) Received: by mail-oa1-f54.google.com with SMTP id 586e51a60fabf-1878504c22aso4469348fac.8 for ; Thu, 13 Apr 2023 07:14:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681395274; x=1683987274; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=jc/JwfOOQOJcvfNTirUzuYCDKwBL3Qgf+f9IoDclozc=; b=bdgxp1vk/5EeX/huD3Js4mRxkXdbn1HxBY9UjEAtIED9Cpi5k+eWEodW7Jx9anNzzU ek1KntVnx66trhhz96KOKh1iENy2i0SN4ZGdxLCqX9r1RV18tI1slHFgqQ/LKcJrCjgJ OFik65yNj4lElB2qyKyKHUsPN5fG/1EeS/Iuz6Bq7lSKc4ADf4yCza1VV1+cTGKxKn5q 6tJQMe9Dc5S0WrG14zICUxXdGDil8uFkUIGL+/HhJXTUYZyLkaiu3elF1oRUoI8MIGuM dv8INS6IhGGdjlqxhUSqz6vsO/a6DXPNO4ZpVo7cE0XCPNEy6t1TZ9ReiggsfCjtB/9C jsGA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681395274; x=1683987274; h=content-transfer-encoding:in-reply-to:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=jc/JwfOOQOJcvfNTirUzuYCDKwBL3Qgf+f9IoDclozc=; b=KawJCu7jtp1BitsmHF2Qbzw2VxhNyLLOeygcAMZ6YAdYAYVje7v0K+P65KfzVXuVIo KlJoknfwu5c9uBZ55s21eHvMa1rwuEQAuKz94pzj8wHV3hzQ8wmXHVf26yKarXlwPrnS ZdwhJBbVMU6SSdSs9BzI9171pC7CLS36ZeAhj7pixSCY/L+LOPqIjekBgrcUC5Ahefuq Th2XiLE5YfaosNNf5c8XFGt4gm4PaS1Wckw5K1MAy9cSFhY/2R4uygihajqAT5sS6MSw lGQOkR4QYOmKzSyUMUvdg3FbGGEfJq5UMwYGzOUuzAochDNew/fwaUEJaHcpX8BxGgSu j+0A== X-Gm-Message-State: AAQBX9cs/hbaZHvfRvwjEFI9zqNDeFKNZ0bir7AyJMOfOgrdu29/GO7j ogxyXlTTUT9oNvmFbXhPvUaNy/lE76I= X-Google-Smtp-Source: AKy350YXCpBJ9ODVjJyOHOtabCEOxr92m9URna8xtLTP5rrpDVUdgGLwOlkEgvovYnY3VcXXoA6IDw== X-Received: by 2002:a05:6871:812:b0:178:fe16:4e6c with SMTP id q18-20020a056871081200b00178fe164e6cmr1762982oap.50.1681395274507; Thu, 13 Apr 2023 07:14:34 -0700 (PDT) Received: from [192.168.0.15] (host197.190-225-105.telecom.net.ar. [190.225.105.197]) by smtp.gmail.com with ESMTPSA id o126-20020a4a2c84000000b00541fb2ddcc2sm638563ooo.11.2023.04.13.07.14.33 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 13 Apr 2023 07:14:34 -0700 (PDT) Message-ID: <26cc8e9a-5561-7cf3-50bb-f85c3f428c60@gmail.com> Date: Thu, 13 Apr 2023 11:14:33 -0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: <20230413135954.26658-1-anton@khirnov.net> From: James Almer In-Reply-To: <20230413135954.26658-1-anton@khirnov.net> Subject: Re: [FFmpeg-devel] [PATCH] fftools/ffmpeg: avoid possible invalid reads with short -tag values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 4/13/2023 10:59 AM, Anton Khirnov wrote: > Fixes #10319. > --- > fftools/ffmpeg_demux.c | 8 ++++++-- > fftools/ffmpeg_mux_init.c | 7 +++++-- > 2 files changed, 11 insertions(+), 4 deletions(-) > > diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c > index b9849d1669..d89e28b9f6 100644 > --- a/fftools/ffmpeg_demux.c > +++ b/fftools/ffmpeg_demux.c > @@ -736,8 +736,12 @@ static void add_input_streams(const OptionsContext *o, Demuxer *d) > MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st); > if (codec_tag) { > uint32_t tag = strtol(codec_tag, &next, 0); > - if (*next) > - tag = AV_RL32(codec_tag); > + if (*next) { > + uint8_t buf[4] = { 0 }; > + memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag))); > + tag = AV_RL32(buf); > + } > + > st->codecpar->codec_tag = tag; > } > > diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c > index 62e5643a04..aab423464c 100644 > --- a/fftools/ffmpeg_mux_init.c > +++ b/fftools/ffmpeg_mux_init.c > @@ -610,8 +610,11 @@ static OutputStream *new_output_stream(Muxer *mux, const OptionsContext *o, > MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st); > if (codec_tag) { > uint32_t tag = strtol(codec_tag, &next, 0); > - if (*next) > - tag = AV_RL32(codec_tag); > + if (*next) { > + uint8_t buf[4] = { 0 }; > + memcpy(buf, codec_tag, FFMIN(sizeof(buf), strlen(codec_tag))); > + tag = AV_RL32(buf); > + } > ost->st->codecpar->codec_tag = tag; > if (ost->enc_ctx) > ost->enc_ctx->codec_tag = tag; LGTM. _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".