From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 28ECC403F0 for ; Mon, 20 Dec 2021 19:57:30 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id ABBDD68AFFA; Mon, 20 Dec 2021 21:57:28 +0200 (EET) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-oln040092075050.outbound.protection.outlook.com [40.92.75.50]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 492C668AF6E for ; Mon, 20 Dec 2021 21:57:22 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=nzJED3ZO9XAwtROTqWAyAElbS8PQ1mS0tTeiQXI7whvtkxvv3d7TXv9rQAgI/Iq2iqC6PgQvYoGaut7FjjhJ4q9r0EyByyIQYdCOmZC69ztMuhcwp+vY09ePqN4DkQ1GACqtBjhK7hvj5ZsyXs0fvtqYZ4DfNeDDPI8hoBd4izCgbCWk4fPifJKsXoK5e1rrKebXzmfitBgbJ78UcWvK3hAY3xFiYjqXK4Kc44owF8vzs16Tdkrx7zlMT35btFMdUK7O2slXzU14hKDSXOYW2eKuPz2xqbicztLSSk3PLsrTkkhN/hxF1o+U7mIlMxqQEF4Y2UF0k9IUPMwYDi5QMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=RTXDHxGWSLPARlEqO3uo8U7fLK+4GzKsA6T03InNgqw=; b=PwD7dTo4h1GSUtes+jg005LbwvZRknsMazCWWoD9yfigzxsHuRugRZwmlN8KMpujWPhxe94nwSsbV4Tt+N8p7DEZ8kWRNTwf2//Cjvfp7dP3P9R97dFOybHbL9Nxzyxj/IQDvvTLM1196ibePKP3RsdfMKSEt68iR3eNiO9dPePo97a3IEfPtwHiXNG6lxELTzwES2H/TjmWYtbKkRPiQoAZNQuCxWXhao5Pca6QGFL5AIKCL1JGgpzZ+yZU2e33t4c04jNUvwRt7TsWpxfc5c4PXgbkqKzoT5OvqN00Brms+yboaraLrdCL+SSVWNEr9vLXUvVNFcHKpKJf3O/L+g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=RTXDHxGWSLPARlEqO3uo8U7fLK+4GzKsA6T03InNgqw=; b=KwsSAyiYmgTqHfeQpDnBW+QD3pBWE73Sb7qIP6FAUYNJMiD8oem9Bu7C4IQtTr++DBoYrHHf+KKgngXT1MpgQ/mYppa/S9tVdloO9SVc61ixhPA7DgJks/znGjxB076GxEWwXGB4CtYfaJMvTuEwgxH4KzmgiS3fc54dPaX4Wl5mqBJNaXyixS9/64WwyczMfiXYGEgGXdbNF4fWNg6mpHTWLh3kuyYJMuhBLCI2evTS5c2bYiDbHkfahCmpvuqGV+l40Ft06Twul5t0fSJrb0C73xQg4WAkMNNJVQSbdSLRUtqhrhgd6hyVfRXh8A7jnKuAtT4DxRSYfWKa/Y6EwQ== Received: from AM7PR03MB6660.eurprd03.prod.outlook.com (2603:10a6:20b:1c1::22) by AS8PR03MB6695.eurprd03.prod.outlook.com (2603:10a6:20b:29e::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4801.17; Mon, 20 Dec 2021 19:57:21 +0000 Received: from AM7PR03MB6660.eurprd03.prod.outlook.com ([fe80::f0dc:92f5:6bc2:45ca]) by AM7PR03MB6660.eurprd03.prod.outlook.com ([fe80::f0dc:92f5:6bc2:45ca%6]) with mapi id 15.20.4801.020; Mon, 20 Dec 2021 19:57:20 +0000 Message-ID: Date: Mon, 20 Dec 2021 20:57:20 +0100 Content-Language: en-US To: ffmpeg-devel@ffmpeg.org References: <20211220195310.5633-1-ffmpeg@gyani.pro> From: Andreas Rheinhardt In-Reply-To: <20211220195310.5633-1-ffmpeg@gyani.pro> X-TMN: [VSq8t2AN5daXtch02SLKlP3JQCj7oQcS] X-ClientProxiedBy: AM0PR03CA0052.eurprd03.prod.outlook.com (2603:10a6:208::29) To AM7PR03MB6660.eurprd03.prod.outlook.com (2603:10a6:20b:1c1::22) X-Microsoft-Original-Message-ID: <2265feaa-7d9c-b783-ee89-d35819a9032d@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: cae80ffd-426b-4f6c-b0cd-08d9c3f2eeea X-MS-TrafficTypeDiagnostic: AS8PR03MB6695:EE_ X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: n3WUGulZRjWZdep3stME7l6j1wo9oyfW8weWyWMlfr9eTaQ3i51GS3Zrku58MvWIZ7KJftVGfATs+M7xFwXi+vRQB0rinpchU2Qt43v8V1KGsOvSndfZnE14cC9CWYrOG7ED0E5snUWfZJ+jJ5YwtN1ycLv67mDEtGbVae7AOYNO111LQXlVb6t0Te5xlh/wAisJYG5RSBeqSKTWPkwMobzur6+ixgnb6pPQRN7gj1221LkSJTeOdoyFNAmOjYTMXvI4RrVZmjzdcqY/USflVO3r93fooY4bDrt5QULhshJMiWoxSgd404+9kZprYagpE1Omkfj08vwEiTWZg0EiSvqks0NBYjv6Qj2aeTEazRE+O0+aUEfVvl2Z3Vm7A7mFFb/UcnQy/UnzvSk+FsqY93Q7BQn1CBML7wBRGSiBQUtnwEOL9r+f0rC1Al8ZR3z8tiFfBPrtNRsfvdIRRHN1dtEQO7notJafvX/7tQfaEcG9bXsBw1it0GKOYzz8RXwv9kTgJvfBIXB+58h6xB3wyynvQpS93dIO88F1bSHFCXyPiUzDcBt1JmUIfN692Lp5siq4q7ybsmyQCfUwxRTAzg== X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?MXoxUDZOQUk0NHNUQzFlRGFKTVZ2VDBvT0xJM0IvenBnWGtxN2RVNk41VjdF?= =?utf-8?B?TTNIbklCZW5yb21ZMDFZOEFucXV3cGJSWEwrWWI2bXQ0YXNQcjZ6YURLekFQ?= =?utf-8?B?NUMrYURGV3pqZW9lekhpTENHdFRJMXdFby9ObTFQRFNMeHEwUzQ4N1F4WUVL?= =?utf-8?B?ZWhWRUVIN3krRVhZNThhamphbGhOT2p3MElxSHhYbHd0ekltdGFvUk5SQ1lj?= =?utf-8?B?NEN6blVVVVRyeFFPMm5XR3FLVk90Umc0cHM4WXd1dDNwdXZGdFlxVkl4K2d0?= =?utf-8?B?K0kxYUhva052U3hoMGVmZlFreHJub282YlpLV2FSbUZURCtNMEc4aTIxd1J1?= =?utf-8?B?OXd6T1dzU1FiTjdwa3lPVnpvajlPMWVKMzNOejJNRTl0TllLN2lCK3RoOVor?= =?utf-8?B?aVFTcXNMYjk3Z0hwRlBSTDhKV2ZMWUQ4MFd4dTJPd2ZaQ3JWcGxvRnE1L3d1?= =?utf-8?B?U0NIQ1Zya0FDRHpTajdEL25UYng1eHJYRnJzUkQ1Rk9FTm1vSVBlckpneDFM?= =?utf-8?B?VVgzMVpJZDZKQTVuUUN0WEdDRHVnV2FsLzQ2TEFtdnBnL2pQb2VZUW5PYXNh?= =?utf-8?B?dHZxTitTZ0hjVzZyN1Z1a0FFWkw5OGhLdVFMazNWOG1CMlIrQjIxQW5DT2tB?= =?utf-8?B?MGlFd09sbUQ4YWlkSUJzUy9lSExZWDR2NzE0V05BcGp3RFhvamRtcmFkL3I5?= =?utf-8?B?OVlCTGgwY3hUQ1hPZTdPNVFvR2hLemZtekg3T05pZDc4ZW9ENGxRUjliN2I0?= =?utf-8?B?bHlVTWlsNmFFbGZnVW1pditnQTQycU1Ea3lsYzI5NDRScElPL3hGNjJlOEhs?= =?utf-8?B?b1RENGd3SUcwd1FmaXNLWHBWOUdRRTVBVVAvUFBQUWFYeFhnR2lmdmY1Nnh2?= =?utf-8?B?QWk3VktvUkJidndXZ0ppTElYdWJIK0lIbi9tNDQ1MmtRN0ovMWM1dXliaXh0?= =?utf-8?B?UmJpcVFpYnQ0UVdCMW1jd25ncEtSQmFTM2ltS25qbGZWMHZPZ2s1QUY5YnY4?= =?utf-8?B?VzZQVDhDcUhKN01HUnZVRnVmbFJVd0t4MjlxRlZ0Wkd2azlNcUZnbTFHa0Y2?= =?utf-8?B?RG9kWlkzREhwYkhndnFCYThCQ3h6VGREOTZSTnFQQ0lBVEZXc3JHNU8vbnd4?= =?utf-8?B?ZFRpNzlsWW1qcUU5NXdDdnpjaytMMDdVYk13bU5nT1JNQ1hOTTFQUERVN1Fw?= =?utf-8?B?UXI5cFgwVnE1NHNhVlBTZlZsbU42ekVTd0JPT3Zyb1NQeE4xQkc2ay9ZcTNG?= =?utf-8?B?YmtlRGpYckRBRHRrUkYwQTFkVklhcnloS0oyWU9iSUdCODZwZz09?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: cae80ffd-426b-4f6c-b0cd-08d9c3f2eeea X-MS-Exchange-CrossTenant-AuthSource: AM7PR03MB6660.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Dec 2021 19:57:20.9526 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR03MB6695 Subject: Re: [FFmpeg-devel] [PATCH] avformat/mov: abort reading truncated stts X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Gyan Doshi: > Avoids overreading the box and ingesting absurd values into stts_data > --- > > Fixes prolonged demuxing for fuzzer-generated files in the loop added in > patch for max_stts_delta > > libavformat/mov.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index 2aed6e80ef..8d88119b29 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -2935,6 +2935,11 @@ static int mov_read_stts(MOVContext *c, AVIOContext *pb, MOVAtom atom) > avio_rb24(pb); /* flags */ > entries = avio_rb32(pb); > > + if (atom.size < 8 + entries*8) { This can overflow. > + av_log(c->fc, AV_LOG_ERROR, "Truncated STTS box for st %d.\n", c->fc->nb_streams-1); > + return AVERROR_INVALIDDATA; > + } > + > av_log(c->fc, AV_LOG_TRACE, "track[%u].stts.entries = %u\n", > c->fc->nb_streams-1, entries); > > _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".