From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 200BD4294B for ; Mon, 10 Jan 2022 09:17:51 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3514A68AEFF; Mon, 10 Jan 2022 11:17:49 +0200 (EET) Received: from EUR02-HE1-obe.outbound.protection.outlook.com (mail-oln040092068086.outbound.protection.outlook.com [40.92.68.86]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7217D68819D for ; Mon, 10 Jan 2022 11:17:43 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RD691josJWr6sth5MnovqPLQ8JJFVTkXi9DVxcOuT7BVfVkfG3Xmt8E9ZuE2k3he2e8gHF2/ROW7Iot2dlL4pfCNNOCbyzsZSHBw4p3on+ChqwsHt4LMcc6bVDbXFY3ZDyYmUnBwmjs03dNz1oY6kk3fdCpSkv9XNvEdiGBcmmkeUb+V+UxnW9lBesH0HTgGueL4mLIqRdXpG1BSRVN2ZKlB8eyCm9ctRsx5VAwmmvnUieWhf4u/nzwUuhzYVognOExNfdy48TMiVUUUts+BzSGDScpklazJx8vXmH/MHsgePmuYBo0IDq0O70ZWnh39IoiE2qjTYrgWW6SmquU/rg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ADM+TVe/uvzZFLevnOUk0F7/gxmTGujdBK3oJdENj8M=; b=ivatvyaJm7N09A1FN2ICzSleZPzSCoc8asHEWfwGJGfnw02+iXd+W2xO9tosgY7mWYp5wqeU3+gLUUvxshZncKgXggGJPULbgoK3Fwi4oYlgoNP6yuOA2FBiQGEXIFNhOGSqJRobS5TTUaON2TACeJgjAXbch5IKKb3Phq1ZlINe1yP+EFP1NCiZQfe0V+c/dl4Bb7RsATQF3pOnXAIXPzU3dLiWVID/iz6Gr4HbBFu8D/m9Rv0fSNlwLduy+WWlmW4dGfGqmdd5TfXZP5MtrotIcCsFcuAjN3v/OwmAhgRuiADbJGMxI8tSbGXpA65qUrrq21oXlhoI1mS6MGzKvQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ADM+TVe/uvzZFLevnOUk0F7/gxmTGujdBK3oJdENj8M=; b=GlIrHJlBw9XZ7PQPRqVSSg/uf9tV+O3Pj95kKxlHlU59wEb5yDwnQDFgkVxA/COVCE6iSi/edWfeotP2nmqNOMF0RwXKhhY2LeyUNkuMmTi3mAlF/cni0wfMQKnIPBNhxWle0Uu3coE4p7j31V/lLv8a4XyZd/uzf+Gnr6eiKDUTkJSqQPHcagR1Nh8/pkc0Hn0wc10CS4GYc8q3X7HJQo8RhYapSMrnBlEZufcgMOfAafAS7/voOqAxuguOdczqRm9utmeyMMIz3po+dahKobfCY9+ndf8mLEIzmIqJqaSbv9Vq4qVVC1bUbGCUvIJOAfR9v9Pb127OlbmlKuGSSQ== Received: from AM7PR03MB6660.eurprd03.prod.outlook.com (2603:10a6:20b:1c1::22) by AM6PR03MB4296.eurprd03.prod.outlook.com (2603:10a6:20b:3::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.11; Mon, 10 Jan 2022 09:17:42 +0000 Received: from AM7PR03MB6660.eurprd03.prod.outlook.com ([fe80::19fc:be9f:2c9c:53f5]) by AM7PR03MB6660.eurprd03.prod.outlook.com ([fe80::19fc:be9f:2c9c:53f5%9]) with mapi id 15.20.4867.012; Mon, 10 Jan 2022 09:17:42 +0000 Message-ID: Date: Mon, 10 Jan 2022 10:17:39 +0100 Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: <20220107165111.9929-1-michael@niedermayer.cc> From: Andreas Rheinhardt In-Reply-To: <20220107165111.9929-1-michael@niedermayer.cc> X-TMN: [/JgDmCHpi9t+GOm+vj53K/XwkyBgauFi] X-ClientProxiedBy: AM3PR04CA0145.eurprd04.prod.outlook.com (2603:10a6:207::29) To AM7PR03MB6660.eurprd03.prod.outlook.com (2603:10a6:20b:1c1::22) X-Microsoft-Original-Message-ID: MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 1e7bd183-439d-48d9-7a24-08d9d41a0de9 X-MS-TrafficTypeDiagnostic: AM6PR03MB4296:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: /+229mWzrVSt03qg7m3qzL0FUNAQG26JWYNRdms/4ABk8j6JDe0zsHmmpLkBzHMicAZLUQveIQ8oNgdbTiaFOe8/o80VzWkyzsotCZcmja456LyHY4y13e/97GMnsKfPnSR8Va2I1RC8cwVDmZXYvQGYp1UyhSHE8ltukLIBQfDGCO+zJU+v/HOWTaq8LnANsz49fYe2YEL59lvv7UfgZ/WBOsVukt2c9Y3AyCIlt7lYarV/LIXMifK+6lPhizN8iIEDJpmy9mrXEZ+yOHnVxREZPrc7X+Vi6EYQnRnVOyiZ68B9TovipJ4MP6jXbsjG7BAueNtz1efhf3v/jdE8Lodyi417O1AlUbyWvkGgP5PPYwtBfXsybjKhe23dgAQ/uEVMaQGAuxIqUP+z7kF3/pBVb7Zjw4Iz1li/T7KoXMKSs2nmoh1K4+AXUiUP8v/FK+k2QcIhskaxFKCes8SDdl6t+EHD6uHNmOl1GoW+qAw7+v6NYkhcrCmTordzGQS+XNuDE5KiyHR8rzNLFw5qveSoDlAkZbE9LVq/47r6+Qs7Ssh7+mFbbP1GX3R6CO3L4QlBAtcSp3/TpXtaOnELwVHjqfoc5TIS78NAIc03mu9lLYYAFJjod8DGhvyLRIRH X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?ZFJYVHBjLzFmalVRME5yRVFtT3pYZ0xUOE1rcDFNaXVncVRQVjd4OWpBM0pQ?= =?utf-8?B?UmVHeGFYSmhjZzRHK0g4S0NHZFVBSUNZbkNobGMxcHVyYWRYN21yOVg4MSsr?= =?utf-8?B?NE9hcWl0cVI1QXYzRDluT0c4YWd2by9ZVnRwRUFtVy8rV3FDMFRmZ0hrTzBa?= =?utf-8?B?dHZ2ZmI3YXhWVi9vVE9vZVl3Z09qNk13NHpKYk54V0ZFTit6UWkveEIvMlFy?= =?utf-8?B?MTNEMG9HMlU4emM2K0hwSFJLZVFKWjNyME1ZQUo1anIxRkpYNmt5bjcrOG5k?= =?utf-8?B?TGpwa2RRMGg2Y2dncWJpeFJveFcxVzcxSjZVVG1vMm1DaSs5V1NZdHFzWDF5?= =?utf-8?B?VUtsTHF2RGMzQlZkbjI3VVE2cFBXbHZQMnNORlJiWWtwZ1R2UGM3NXYwV09T?= =?utf-8?B?cUVOMVdBa1F3c0R0K2o2QUtna3RhdktOR3V1cUVNcmRtSW90VVJlS2NCR1dS?= =?utf-8?B?MHV5U1pha0NOM3ZBdGVqeGY0ZUZ4VkRjQXBDeEE0YkI1TU93UlNNKzNOZkY3?= =?utf-8?B?U2U3KzJPMHUzeWZsU21XOUNya1Zod3l2VXhXRnNhZks5VzgzZmZLZGFxZkh3?= =?utf-8?B?eURJWGR1TmxBbFcwMFc0UktkMG1zUnVqYXB6RUI5Qmp2ZmxCS0l2SVZxRlM4?= =?utf-8?B?cnM2aUVFRVVYcmkvL1JXSnlMUEFzb3VhcnZOSFJYelV3VHVXQWswM3A0T2xR?= =?utf-8?B?U3VBbm5GWU1LRnkrVnpFcnpFVXJoL2ZyRDBXOTVhVUJHVmh3ZE9IZm9EK29L?= =?utf-8?B?MUhBekVKMG5wUDlCMDYxSE9vUFByZ0hIWCtEbWFlVWZtajBuVTJBdXJEMlZP?= =?utf-8?B?OGkvSmNzby9GSWovTDNscTAzcmJ2SEtqeERwS01Wb0dLUk9pWkNJQ2RBaHlC?= =?utf-8?B?b3NiT0ZtdmFPUUFheU8ycE5tdmFweTRVbGJBZVhocmRUVktoaXhRU3p2MmlL?= =?utf-8?B?OXhCQkdudFVSanhXR0VPenQ2NHBZMTJrcEpBMzg4L1Bmd1BKT3dPUXJ6d1Vk?= =?utf-8?B?bVVlcU5Ib2plM1pZS3JoNTQ5WkE1Wnc4NDlkM1cxRHdYMGppaHc1TkZIT01j?= =?utf-8?B?RkZnNWJnZHh5TWRLRmlBeUE4TmlYQ1JaYTJWNEVWSDF4M2FwRnZwRnJMRjFv?= =?utf-8?B?VGdrR1k0ZjVTc3U1VmdQbWI3emwwY3l3d3d4R0JBYm5DUWhWQWpLMzhXb3cx?= =?utf-8?B?dzlORys4R1YyMHZlVUM0MWY3V0pKMUhuV1psL1BEVW92UHhoTkVyUVVPbGNh?= =?utf-8?B?VjArUDdtbG5YQUN6TDZKY1BNaktFdFVaTDBVWER6ODY5QWw1UT09?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 1e7bd183-439d-48d9-7a24-08d9d41a0de9 X-MS-Exchange-CrossTenant-AuthSource: AM7PR03MB6660.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Jan 2022 09:17:42.1497 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR03MB4296 Subject: Re: [FFmpeg-devel] [PATCH] avformat/rawvideodec: check packet size X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Michael Niedermayer: > Fixes: division by zero > Fixes: integer overflow > Fixes: 43347/clusterfuzz-testcase-minimized-ffmpeg_dem_V210X_fuzzer-5846911637127168 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavformat/rawvideodec.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/libavformat/rawvideodec.c b/libavformat/rawvideodec.c > index 68547fc50ff..387c4ba80f5 100644 > --- a/libavformat/rawvideodec.c > +++ b/libavformat/rawvideodec.c > @@ -42,6 +42,7 @@ static int rawvideo_read_header(AVFormatContext *ctx) > enum AVPixelFormat pix_fmt; > AVStream *st; > int packet_size; > + int ret; > > st = avformat_new_stream(ctx, NULL); > if (!st) > @@ -62,6 +63,10 @@ static int rawvideo_read_header(AVFormatContext *ctx) > > avpriv_set_pts_info(st, 64, s->framerate.den, s->framerate.num); > > + ret = av_image_check_size(s->width, s->height, 0, ctx); Looking at av_image_check_size() this seems to ensure that 8 * width *height fits in an int. So this should indeed fix all the overflows. > + if (ret < 0) > + return ret; > + > st->codecpar->width = s->width; > st->codecpar->height = s->height; > > @@ -100,6 +105,8 @@ static int rawvideo_read_header(AVFormatContext *ctx) > if (packet_size < 0) > return packet_size; > } > + if (packet_size == 0) > + return AVERROR(EINVAL); > > st->codecpar->format = pix_fmt; > ctx->packet_size = packet_size; > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".