From: Andreas Rheinhardt
Date: Thu, 6 Jan 2022 10:52:04 +0100
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] avformat/rawvideodec: check packet size

Michael Niedermayer:
> Fixes: division by zero
> Fixes: 43347/clusterfuzz-testcase-minimized-ffmpeg_dem_V210X_fuzzer-5846911637127168
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> ---
> libavformat/rawvideodec.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/rawvideodec.c b/libavformat/rawvideodec.c > index 68547fc50ff..7581ba2c7d2 100644
> --- a/libavformat/rawvideodec.c > +++ b/libavformat/rawvideodec.c > @@ -100,6 +100,8 @@ static int rawvideo_read_header(AVFormatContext *ctx) > if (packet_size < 0) > return packet_size; > } > + if (packet_size == 0) > + return AVERROR_INVALIDDATA; > > st->codecpar->format = pix_fmt; > ctx->packet_size = packet_size; >

1. I agree with Lance that AVERROR(EINVAL) is the proper error code; after all, the dimensions are based upon options and not read from the input.
2. The dimensions were checked by av_image_check_size() before 41f213c3bf629d549400e935e7f123e6cfa959ab.
3. The same can happen with bitpacked. Your check should also catch this.
4. But I don't see anything that actually ensures that the multiplications do not overflow.

- Andreas
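Review bot: the added `if (packet_size == 0)` branch in rawvideo_read_header() returns `AVERROR_INVALIDDATA` without logging anything, so the caller gets a bare error code and no hint that the computed packet size was zero; an `av_log(ctx, AV_LOG_ERROR, ...)` before the return would make the rejection diagnosable. The visible context rejects only `packet_size < 0` and, with this change, `== 0`; how `packet_size` is computed lies outside the quoted lines, so it is worth confirming at that point that a wrapped but positive result cannot pass both checks and be stored in `ctx->packet_size`.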