From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 2EE3C45994
	for <ffmpegdev@gitmailbox.com>; Tue, 30 May 2023 21:28:07 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3374068BFDD;
	Wed, 31 May 2023 00:28:05 +0300 (EEST)
Received: from mail-oi1-f180.google.com (mail-oi1-f180.google.com
 [209.85.167.180])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 0D75168BE95
 for <ffmpeg-devel@ffmpeg.org>; Wed, 31 May 2023 00:27:59 +0300 (EEST)
Received: by mail-oi1-f180.google.com with SMTP id
 5614622812f47-38e3228d120so3180118b6e.3
 for <ffmpeg-devel@ffmpeg.org>; Tue, 30 May 2023 14:27:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20221208; t=1685482077; x=1688074077;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id:from
 :to:cc:subject:date:message-id:reply-to;
 bh=mN5/BrxJSbVVrZhXPdqYkiC7lzFY1wc7qhuXATiEyQM=;
 b=rDkpRdr4+rhnwwY2LFShnEE0KguxJlVUFwmJUzUyI3RJ0FQoAvakD+u9vm81mzBNsu
 EO65mXnKQY8OXYq0S395TLCf4bkmENuPTS64HskaEfD/ZUIFpUkAkUpF8d02Nv1hGwne
 s021mneXz9OzdJxin68YqZ7YQjtpRNVfgsZb/T3wfmxIlGtwXaXc5ySZgc/Ue/hUSg0I
 JN+fKilhqyIz5gMGw4bz+J197kL8uGPBbH11LRwoQY8fDgYMLi0/QJzbCYJFynmaqY8x
 vIpvdUwDKmW6XyByttQM5Nva9FrKU4XWu09N3fDD+4YBEeSkpW0kKQebpR2Bug7pje09
 8G1g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20221208; t=1685482077; x=1688074077;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=mN5/BrxJSbVVrZhXPdqYkiC7lzFY1wc7qhuXATiEyQM=;
 b=d5yEaMhFhne4Lwrm8+TfnTplj2paJpwcWIVpSGcBy2yGb8QR6rUD19+MTqzyDDatEu
 yiQBLNZgUehkQtuadAhkNFqPJLeD7LwoqJccWnJiJOnN3czjTT1jferrEM7VNUjo9M4Z
 o7TcI1rLceSnYW6MLcdmagz3dUHv/hHvO6UZy6XbQ+ejBKTUnOfajF8aRlwSwhRRgOmW
 rqnnzVTk9VhnxUHpcEbquBCzoB3eyMm5SE6eWUsnZWblo0P09p1dwM4UIB/4yDqFiytB
 6tGUsh0RcfAWog38S7mS+3PaRTvxfreVe7MO0pBenu9kx5dmvspMoej68xhyWhyIAAbx
 fskg==
X-Gm-Message-State: AC+VfDyPsEvtfFjOgEJ35mTTVVRvnZnkIpckVlNAGlBVeWOhYgm+NoSo
 eLjc8+cNXp/6bYdLRYIrOGqZB6LftRA=
X-Google-Smtp-Source: ACHHUZ6aqDX3piZsjqBpk/9SpM3wW6ZMODJhTZkePvES5NbY/n0AIg+U9r/MGSmDN7BzyGx9iTPQkw==
X-Received: by 2002:a05:6808:90c:b0:398:1047:9e3a with SMTP id
 w12-20020a056808090c00b0039810479e3amr1837402oih.25.1685482076882; 
 Tue, 30 May 2023 14:27:56 -0700 (PDT)
Received: from [192.168.0.12] (host197.190-225-105.telecom.net.ar.
 [190.225.105.197]) by smtp.gmail.com with ESMTPSA id
 w16-20020a056808091000b003907c4bc505sm5935102oih.11.2023.05.30.14.27.55
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Tue, 30 May 2023 14:27:56 -0700 (PDT)
Message-ID: <3384a0cd-772a-9d9b-1ce7-e28fa956eab6@gmail.com>
Date: Tue, 30 May 2023 18:28:32 -0300
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.11.2
To: ffmpeg-devel@ffmpeg.org
References: <20230530212136.1368389-1-paul.arzelier@free.fr>
Content-Language: en-US
From: James Almer <jamrial@gmail.com>
In-Reply-To: <20230530212136.1368389-1-paul.arzelier@free.fr>
Subject: Re: [FFmpeg-devel] [PATCH] avformat/oggparseflac: check
 init_get_bits' result
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/3384a0cd-772a-9d9b-1ce7-e28fa956eab6@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On 5/30/2023 6:21 PM, Paul Arzelier wrote:
> From: Polochon-street <polochonstreet@gmx.fr>
> 
> Check init_get_bits' result for NULL, to avoid dereferencing a NULL
> pointer later (CWE-476).
> Without this, a segfault happens when trying to decode a handcrafted
> ogg-flac file with an absurdly long (e.g. 268435455 bytes) ogg header.
> 
> Thanks to jamrial for basically writing this patch after I reported the bug!
> 
> Signed-off-by: Paul Arzelier <paul.arzelier@free.fr>

Applied.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".