From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 32E164C414
	for <ffmpegdev@gitmailbox.com>; Fri, 26 Jul 2024 22:11:04 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0D3DD68D634;
	Sat, 27 Jul 2024 01:11:02 +0300 (EEST)
Received: from mail-pf1-f172.google.com (mail-pf1-f172.google.com
 [209.85.210.172])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8CE5A68D0BD
 for <ffmpeg-devel@ffmpeg.org>; Sat, 27 Jul 2024 01:10:56 +0300 (EEST)
Received: by mail-pf1-f172.google.com with SMTP id
 d2e1a72fcca58-70d333d5890so1314840b3a.0
 for <ffmpeg-devel@ffmpeg.org>; Fri, 26 Jul 2024 15:10:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1722031854; x=1722636654; darn=ffmpeg.org;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id:from
 :to:cc:subject:date:message-id:reply-to;
 bh=eAaZN6R2JxO1vNr5rTABDcKnjJ2h8P8f7auMLeTaz9U=;
 b=ARmZ+nxdq0++BYGw3MLWmN3TBDVfK3ahWJgyOEFZYvrbTSYuiI4btaa4PWauQY77L5
 QBh4aSlmJwXtJn9ddjpWRdtdyWYb3ohLbipONueM7AMmrJQx3+o2jrJP6NdM7w6BAdCl
 vbyioqaYOwDJa9b7U26URGvzc2sQWpppI2WUl72o0dw+RXfmjSHTnV8E0fsTvW/cPEm7
 IhuQPw3WJ4LosT0/gxZ85WvmcBRp4E6/T3bcZkz8I2nDrDoI0+YWmRdjGwno6JHoWVle
 Y7yofxgLu0NKMmtNPR0AGxX5cql8jxH3VsIaY/RWwW5eGKRwMFrFZugPXtH8K+Y/QrPX
 NXFw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722031854; x=1722636654;
 h=content-transfer-encoding:in-reply-to:from:content-language
 :references:to:subject:user-agent:mime-version:date:message-id
 :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
 bh=eAaZN6R2JxO1vNr5rTABDcKnjJ2h8P8f7auMLeTaz9U=;
 b=PxMPjGxfSLgteEhrk43tY+OJdiHO+GxQ7eRlKzPHLSb3Hc1jm0Ba2hSjhD4T8nN2Vh
 Lhq/+Dmw+DpKXjRZjG2tfDH/pfaadI0bgl0N5qUcAEVjDgi1k3fAsqnX7+k1f+NqqzOB
 863XC3d+AEWKOyA+jWbZ0UEpTNnP6O9sr1Kc89hGUHzn2UEwqe+5bjyAnyIjYEPFlYDw
 yGxGoxj5mhHD+eWmhYGMonjGU+4f2Nz+z9IKoblJL8UnhbL1qsRxD1T4SUxkJBdz/WeW
 mnAyDIfVc7VuudKmArrOx3jvozqUdkUGVpyexSk57GQLBtAkQZ0UNX955O8gpYvl2Lmi
 u+lA==
X-Gm-Message-State: AOJu0YzZqp1+KuXyXeMstvl0fZF9RAW2bOjunLzqPokgODUCMnZa2KRs
 yBmHvp1HFXmVPIjfo6gpRm1+OSQ9vDhMMZdXKYVjNkNDEdWALYkxpUUIZA==
X-Google-Smtp-Source: AGHT+IGn20uu/zECcDA+Gmr2if20Z+H+pGEOnw78elbuPNNa+jzdR0ip5aKK3lUoG0vL5xAE7eZTTA==
X-Received: by 2002:a05:6a20:a121:b0:1c0:bf35:ef61 with SMTP id
 adf61e73a8af0-1c4a117805fmr1243681637.2.1722031853490; 
 Fri, 26 Jul 2024 15:10:53 -0700 (PDT)
Received: from [192.168.0.12] ([190.194.167.233])
 by smtp.gmail.com with ESMTPSA id
 41be03b00d2f7-7a9f817da8bsm3270438a12.27.2024.07.26.15.10.52
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 26 Jul 2024 15:10:52 -0700 (PDT)
Message-ID: <6c07cd82-77c0-43cb-a9bc-8f123226c059@gmail.com>
Date: Fri, 26 Jul 2024 19:11:30 -0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: ffmpeg-devel@ffmpeg.org
References: <20240726210832.288597-1-michael@niedermayer.cc>
Content-Language: en-US
From: James Almer <jamrial@gmail.com>
In-Reply-To: <20240726210832.288597-1-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 1/3] avformat/mov: Check sample_sizes
 before using it
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/6c07cd82-77c0-43cb-a9bc-8f123226c059@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On 7/26/2024 6:08 PM, Michael Niedermayer wrote:
> Fixes: NULL pointer dereference
> Fixes: 70569/clusterfuzz-testcase-minimized-ffmpeg_dem_MOV_fuzzer-5247918563459072
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>   libavformat/mov.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/libavformat/mov.c b/libavformat/mov.c
> index b74e43e2140..63db7d59a58 100644
> --- a/libavformat/mov.c
> +++ b/libavformat/mov.c
> @@ -10060,6 +10060,10 @@ static int mov_read_header(AVFormatContext *s)
>   
>               st = item->st;
>               sc = st->priv_data;
> +
> +            if (!sc->sample_sizes || !sc->sample_count)
> +                return AVERROR_INVALIDDATA;

Deja vu. Didn't you send something like this before?

Also, can i get the sample? As with other issues, we shouldn't reach 
this point if these were not allocated.

> +
>               st->codecpar->width  = item->width;
>               st->codecpar->height = item->height;
>   
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".