From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 206F047B53 for ; Tue, 3 Oct 2023 01:56:26 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 26E5968CAFB; Tue, 3 Oct 2023 04:56:23 +0300 (EEST) Received: from mail-yw1-f180.google.com (mail-yw1-f180.google.com [209.85.128.180]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id F01EB68CA2E for ; Tue, 3 Oct 2023 04:56:15 +0300 (EEST) Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-5a22eaafd72so5471057b3.3 for ; Mon, 02 Oct 2023 18:56:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1696298174; x=1696902974; darn=ffmpeg.org; h=content-transfer-encoding:in-reply-to:autocrypt:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=p2XxR4b91Z/3jGjFj6+wulTL13wFPY8YHWBeVYLHAqg=; b=XPlMjbsKwMsWLGIIIPYvpkDVJ4FaJpqnQA/0QoMot1lCK1qlXiT5xCUweece1FdSRk D6UFpYzj8BrAlW2IoZsCOOE14eO+NZjNohRRohobEabK3Lwe0v7c2gpkTdZ8JNRtJp1E xYkpLKobhMNrLbrUSE4FFEEUGVwE8mZXFO67tPUGpB2YmeqjqHqmaAkHW3y+n4+xsl+l bi7U7/NIME9E68cqsmd7bP8NFGUU5NsSvqTGZ2i5MrNraH7Fl51n2d9PVJoGdqiJT8N6 jLJbO7dak/kn77WfrosomfrL82DEUM/4AQI07znM7D7qKJNEB6RVBjBntG3LQMc0NwfW JzBg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696298174; x=1696902974; h=content-transfer-encoding:in-reply-to:autocrypt:from:references:to :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=p2XxR4b91Z/3jGjFj6+wulTL13wFPY8YHWBeVYLHAqg=; b=RzhDc6UzqhUPd/jpi3M9suOx2FVhISr8TvVq+0nV/ZKi4e1d5aBxAyIXJdEozcUcDb P+h8e24DaYtlMvY7K5OFjLMetXjN961oGow/04RiCt+Ly7xR4cS8ZcvlPz+ahQPSYjWS BJInE9cxA+dIM1P+OOQOjtYqY4W5jpPf3RsgLOiQi85a82kg+mLiU6ZFwQZ9w3+M3xA9 nrt+HZW38VHukDQfnWapICPB2p9z/hwkqTEzx0e94x46IBk5baY5mkFnshfxDy6B0EW8 K/q3ByvKWQTk7SCtP+fGsHA1f4VEjzsexMOGB+jdTB4w+kTIqIDjRj9rN3kfxtEsen0x 9HSg== X-Gm-Message-State: AOJu0YxY8gukuEulF3mnXHmfmn5EKxpNy0oBWICe0VRkh3qK2Y16lX9d PWujEvh08ileMJLRV6lmBh++/QHlVmM= X-Google-Smtp-Source: AGHT+IGidSIsqoJiWwOHRIA4xE7NCyxqJpoIQJtWonbgsKcuAKSUWS3i+CXPUf0GvhfDVZg7kdBDWw== X-Received: by 2002:a0d:d54f:0:b0:59b:be67:84cb with SMTP id x76-20020a0dd54f000000b0059bbe6784cbmr13323894ywd.26.1696298173898; Mon, 02 Oct 2023 18:56:13 -0700 (PDT) Received: from [192.168.0.10] (host197.190-225-105.telecom.net.ar. [190.225.105.197]) by smtp.gmail.com with ESMTPSA id e8-20020a17090301c800b001c60c8d6b4asm130289plh.149.2023.10.02.18.56.12 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 02 Oct 2023 18:56:13 -0700 (PDT) Message-ID: <49117bf5-d5d5-490e-bcde-1fad16e0d02b@gmail.com> Date: Mon, 2 Oct 2023 22:56:20 -0300 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: <20230905212547.00596410A28@natalya.videolan.org> <20231002222344.GC2105706@pb2> From: James Almer Autocrypt: addr=jamrial@gmail.com; keydata= xsBNBFjZtqABCADLW+vdEoZaJZDsIO6geYFTOcn1unsEHefj9zn+3oTHlDFFzO47mzHsSfbK 9JE2xpOJEVnC8FAF5Sayi/pVwV+mtQUV3n5dgVeVBYF9GUQwOGFCpK8X54RRqhkgknbunOEE 0CtgAJgmpFmmmHgq02GvEspx1h/rh4apqwQR6QX4Favb+x9+i9ytVpwVcBX94vo2toyP7h/K BWfadQmb8ltgE1kshfg+SQs/H5bTV5Z1DuEASf02ZL/1qYB/sdTgWPLv9XMUHHsRFmMY8TMx wJSkP+Af3AiYQPJYz1B1D4tt98T/NoiVdin10zATakPjV8hXaobuRmxgakkUASXudydDABEB AAHNH0phbWVzIEFsbWVyIDxqYW1yaWFsQGdtYWlsLmNvbT7CwJIEEwEIADwCGwMGCwkIBwMC BhUIAgkKCwQWAgMBAh4BAheAFiEEd1EujP2UoWlX5pp6FGMBrXN2WeAFAmJoLUUCGQEACgkQ FGMBrXN2WeAFVQf9GtGhniRs1PzNUOgJktCnv6j4BbLieaIPYPEFXKDHOgjqQE2zVMYXnoXl Jam928ii902a8OY06r9ywn/R8ApD1/3NY/v64O71CY9scz5XyH2au8wIZ6HwFy3/f7sqjdGD uctY8Qs7rjT7NkoC5lmgMu2v2k03dGtM9AAf5AK5gU+H0EUw7vmKKiXzUqt5kvBuf4CEwXvH AQT1SMJ52rIlDWB7FQFyZeUbOAK2IgY/KNedfK6nsgd/eQVnlofPd2XoddE7kP6iys7jJefw DD3g3rZyDTq7in5dyk5glaNpWZpbHGBs+9SCYLnfQ8XvWqPFOD+gj0plamKANgOvavKTxM7A TQRY2bagAQgA69YtILj8kYxmqPr/M8+MXT7wVoOWVW9lvSmPquCELaDy/NIS7D06VC5EuE/6 JlJXZMTn37NLlyWhzwOgXuXw5w2tyoQQBuvqGiXJijuXwXH7HKdzrc6rpYtAqt5w05hzNrFS KrS0izG64VpWrfproy3BsL+8TBm9brLhhNPynVRqVukbbGzlATTzNQGZ14TTi2/dL6DkMQnM qn4jX9UEe4GdGQBP50bUJSSmeiIkyNLWA+znuN2PZEz930ZwNrF9GtDVw7mzcmpCZ7spldE2 tutbpy9D1bIqxyqBrYDSezyzL2adR1qgHyOTMCHg2AYNkrIQHrSyJxKTpZ1/hqOp8wARAQAB wsBfBBgBAgAJBQJY2bagAhsMAAoJEBRjAa1zdlnghekH/0Yb0iYJ74oID2f/Fj+AJKS2ekQF P2xOr8lpGzgp/+yWUvPtqbX0A33anBJdYwxaAC0NataX3tfZ+oJkzXqfmqhIHMPYHdZesJA2 Bk9hU/33mDl5s5U66/z0uelWzwKVHoQ2O6or4+qF3HJFSJLCe9uvWJ3zXf9F342Ftj73sfx+ 3xkw/IXsN1RqbYqDlzpoEQ99SIEfY/8Jjwnd3sIPfqkuyeaYfe6GJDqKawdCEP1oRRlbXEAp TJgYz8r3nPhGv9cdHNDCk44ISbsqVuxIEnLqi4fTPZaGupiQhT+srl268TTAp2TQW7+6Ce/b NPQorMquzS/LZoyALpmsYi/miMc= In-Reply-To: <20231002222344.GC2105706@pb2> Subject: Re: [FFmpeg-devel] [FFmpeg-cvslog] avcodec/hcadec: support decoding with extradata provided in first packet X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset="us-ascii"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On 10/2/2023 7:23 PM, Michael Niedermayer wrote: > Hi > > On Tue, Sep 05, 2023 at 09:25:45PM +0000, Paul B Mahol wrote: >> ffmpeg | branch: master | Paul B Mahol | Tue Sep 5 23:14:58 2023 +0200| [d464a687c9dd03246795d62151809167e8381932] | committer: Paul B Mahol >> >> avcodec/hcadec: support decoding with extradata provided in first packet > > I cannot find this patch on the mailing list > > Also this adds null pointer writes > The init_hca() function which previously was only called once and failure > ended all further processing now is called optionally per frame and its > failure does not stop further processing so half initialized contexts > can be created by an attacker > > Note, this sort of stuff delays the release > > thx Does the following fix it? > diff --git a/libavcodec/hcadec.c b/libavcodec/hcadec.c > index 6f277afb96..4e30d553de 100644 > --- a/libavcodec/hcadec.c > +++ b/libavcodec/hcadec.c > @@ -65,6 +65,7 @@ typedef struct HCAContext { > uint8_t stereo_band_count; > uint8_t bands_per_hfr_group; > > + // Set during init() and freed on close(). Untouched on flush() > av_tx_fn tx_fn; > AVTXContext *tx_ctx; > AVFloatDSPContext *fdsp; > @@ -196,6 +197,13 @@ static inline unsigned ceil2(unsigned a, unsigned b) > return (b > 0) ? (a / b + ((a % b) ? 1 : 0)) : 0; > } > > +static av_cold void decode_flush(AVCodecContext *avctx) > +{ > + HCAContext *c = avctx->priv_data; > + > + memset(c, 0, offsetof(HCAContext, tx_fn)); > +} > + > static int init_hca(AVCodecContext *avctx, const uint8_t *extradata, > const int extradata_size) > { > @@ -205,6 +213,8 @@ static int init_hca(AVCodecContext *avctx, const uint8_t *extradata, > unsigned b, chunk; > int version, ret; > > + decode_flush(avctx); > + > if (extradata_size < 36) > return AVERROR_INVALIDDATA; > > @@ -340,6 +350,9 @@ static int init_hca(AVCodecContext *avctx, const uint8_t *extradata, > return AVERROR_INVALIDDATA; > } > > + // Done last to signal init() finished > + c->crc_table = av_crc_get_table(AV_CRC_16_ANSI); > + > return 0; > } > > @@ -350,7 +363,6 @@ static av_cold int decode_init(AVCodecContext *avctx) > int ret; > > avctx->sample_fmt = AV_SAMPLE_FMT_FLTP; > - c->crc_table = av_crc_get_table(AV_CRC_16_ANSI); > > if (avctx->ch_layout.nb_channels <= 0 || avctx->ch_layout.nb_channels > FF_ARRAY_ELEMS(c->ch)) > return AVERROR(EINVAL); > @@ -534,6 +546,9 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *frame, > } > } > > + if (!c->crc_table) > + return AVERROR_INVALIDDATA; > + > if (c->key || c->subkey) { > uint8_t *data, *cipher = c->cipher; > > @@ -602,6 +617,7 @@ const FFCodec ff_hca_decoder = { > .priv_data_size = sizeof(HCAContext), > .init = decode_init, > FF_CODEC_DECODE_CB(decode_frame), > + .flush = decode_flush, > .close = decode_close, > .p.capabilities = AV_CODEC_CAP_DR1, > .caps_internal = FF_CODEC_CAP_INIT_CLEANUP, _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".