From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id E5A6C47777 for ; Sun, 22 Oct 2023 12:58:47 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1A7CB68C9B8; Sun, 22 Oct 2023 15:58:44 +0300 (EEST) Received: from EUR05-DB8-obe.outbound.protection.outlook.com (mail-db8eur05olkn2103.outbound.protection.outlook.com [40.92.89.103]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9D0B168B3A9 for ; Sun, 22 Oct 2023 15:58:37 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=EMbjaHD/jsIk5hYxwR3f8M1XlhKcoxSR7AjuY8eT5wqA9j+apDF3ppPpx3YME2hODEVyjFYZDU6Z17KexmarJbJPagUCln0ErlL+BZU5ByB6qFe90+JljfBP216llTVsSx/4JUEleyqsjoqLJlZHVavLHN9Xny1fYh39K6acLjgxJU4pI2C4Ha/m2EVEPV1BqfJB+w5aU6c3eEaAGt5896wDGjZGCJx9GHWaC/477hJZabZnmqAOP/c1F7ocRxtLK93Y617P0oNtE9cc22w3Aw30YxPejryPwgZcCVtixOjuD+rZoln4eST7oDsTWu5+ETAYkXryJIWmXyxd9EXipg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=kMh31aA+8s2iUE2doofbC6ap1dg48HAOBH8R6sw1+RE=; b=j86K5nRgmzPTjW8p4ZRepepkUkMFF6/QpxsnWqqTU+mXmpy62uVLDbuJaR99Ko1NCDeUXfWP+rJBiRhlF29k7q6iBceEmKciaola513fFMHZ1SGuN35J04lEWXgf8hwmEGBJEsIQrVT07AiOhqKdXjqvSAEKfAyQVk1BEF1a37GGWFpunFB4g0uvXVMswBPcrv4Z3O8vGD9a0BfwTQJfcIDTxqmJaDNQc8zDF9rVjurpyADvpXtVOvuxLHKayot76hiakxS7BAl/Qig/F9ytpXQOJBndzh6+Ow78kHbAqNBntS4Z3hHz+Pc8ZW45CiPzzhOPwiXuF3PoVUxufRQQ5g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kMh31aA+8s2iUE2doofbC6ap1dg48HAOBH8R6sw1+RE=; b=SKY5Y88GeV4GVEZPFwUeB3RYCMUM8bWxXR2soC7/Pqu/qx7ypzpKujrWVT7rbW9qJ6PxuvkRpR3vpxZbAGK7Cu4XpmYwli9jBei7ZcuWwL/JGtrYBTFh91HlXlvd5i7etp7tZ6CO9cUxOB8n8ZvVqmtEOx/4rM2F4PEzBCXUu1JV3NL7GHfQjpFPnNwteMnazc31ou005NYKgLGJRdYixtMaskFBlIROnlapkcs/f+ymO/pxiBlYFwOQ4PBJQo8W9W4z8JY+V3iKn5RVidnC2+HrHpwEBIzEvVXsIuihWXlZf9fSOxsfusC4RyPWWeOc1RqLqD6bbDjsRDXzBvCokA== Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) by AM8P250MB0198.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:325::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6907.31; Sun, 22 Oct 2023 12:58:35 +0000 Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::f59c:9cff:a42d:bde]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::f59c:9cff:a42d:bde%3]) with mapi id 15.20.6907.030; Sun, 22 Oct 2023 12:58:35 +0000 Message-ID: Date: Sun, 22 Oct 2023 14:59:52 +0200 User-Agent: Mozilla Thunderbird To: ffmpeg-devel@ffmpeg.org References: Content-Language: en-US From: Andreas Rheinhardt In-Reply-To: X-TMN: [AmS6KADuZMrDLhqlh7E1YmCVPGJ0ItT93GhejNVimVE=] X-ClientProxiedBy: ZR2P278CA0073.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:52::16) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) X-Microsoft-Original-Message-ID: <91079235-12f6-47af-bc40-3e5bd7269e56@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|AM8P250MB0198:EE_ X-MS-Office365-Filtering-Correlation-Id: 79be5e7d-0880-4465-4712-08dbd2fe9a43 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: L0NUfAhtmzAZye41/I+qauI1zKByx4ZO924fE2taerjfMXaAUVOoeKr9Z3LAixW51o2f7RRXtEZBUOTcC4xRA84d02TQBMFKFh7In5wXet74+2QbGH/KNcO7lAd3pId24Xi84Pc4HWeN9vcXRJQRviV1+vQ82JDMermUfPFv07p9YTCSzOEEHCkzE4Z3r7CRhNB4ogCpADuGJ3y0+Ue0wZegPcm9bgpzAFuDSL7IoVWsfemYfwngW1inbtri/IO+0Y8T6ew22zN59KOlCHBRzvFIpGHZXdFEQ3d+4NA7iCsvDVdqDQQZIQPhH6WvYp10FGWdULqpjd4ZaDVoH5VLscYcpuPGz8fzPQ33oZC9lr420Z5vHFrZ2lEmceDGIRiSkb6V5WIgJ4SYdUWqBrjkQfeLPP3vgecZpSZHwHyYSNotJmxsor+yZW+PjlF+qKkWzhgMmd/9S0ICcdaHTc72IYzfBgAP73sIHjz5b/okRckUUMHKT+0Pl95rdoCXR7cJF8D5soOFABrQ/by4TgJxvelo0Wc/N6JcUa7XgFaom4ofHRye1I4p/j1gFPOnLjF5DWWFsTTqBZpGRkFy76gDLz3VYb2REpO6Q4RWnymgE94= X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?WEtoQ3NSbU1odTB3b250OENUSDFFODBkdU5vUDc5MjZpQndVUVo3Nkt5K2ZU?= =?utf-8?B?K3MrQUN5YUxoMzFiUCtGNVZiRHFScW44eW95UHMxSStHcGloQ3RUdjFQVkda?= =?utf-8?B?VWdFNFcxUUVJMXB6aFNBbE41UVM3eVhOM3VSeFdKVGd1M2kwbUZ6TmQrejhC?= =?utf-8?B?Q1hBZ0RqeHFiTm10VUJFNkxOY096WDFOYnppVGRrWWo0SXVhSGhMTXZHOVNX?= =?utf-8?B?K1phSERoTTB6Skh0dlVnVFRJT0JWRHpFTzgvUXgwbDlLNjlLNXowVU9vSEVP?= =?utf-8?B?Vk80SE5nRVJMYlZKelVCTnY5RnhIQnpCQUZiMGpjc09xTC8zaCtab3dUZmNn?= =?utf-8?B?ZStsb01tdldGODB4Wm9RMkI0OUtjTXFjL0F6cm5oR3FCQUI4cDZmNFArbmRw?= =?utf-8?B?cTlQeUorYzVBK2tWZmRoZmt6YVJ3a1hDbjNwRTdGNjNmWGhUYmozR2RhaGlv?= =?utf-8?B?SzZTVDBVUDY4NVdxK2Y3T3oyeDZlUm5MTmVMWmpzbzB4QXFWUDZocTdSdDZH?= =?utf-8?B?bXhBSk11NERBV2NtQTR3bjErcVpHMEo2YWczcnB5SlRMVWRXWkg5OGpQSmRr?= =?utf-8?B?WTFablZ1WVdZT2phNlJoQzB4TmpBQkY5UUszdmV5N1dETVFxUk5pRXVpMTVq?= =?utf-8?B?cm1sUExNV2ozcHdFYk82QW03T0xaeHdWRktnNXBDZXdRdmFTL2VZUldpYnF2?= =?utf-8?B?SWg3L1lrWmZBbUIwM0Y0WEMrTVB4T29yb0Fnek1SRXk4TnVGOTV2V250Mll0?= =?utf-8?B?MW5vZUhGejFDbXdQRHZhUXpEVU5jcSt2aG9UNDdEOStsZVoxWHZSUlBGUEZl?= =?utf-8?B?dDgyUkVNekJPTnhnQVZxa0lvU3pJRVVnYVZTSSs4T1UzeWVRRkkwalc2R254?= =?utf-8?B?K0N4dDhQWXoxajFtY3ByNUlmaThXMUorYlorbDkvRmpXUE5FWXlQd0toTHZ0?= =?utf-8?B?TjAzVkhoWVBLTDVURE9rUC8wRk9Rb21YdmxhOWwwa2ZvcjZ2YzRLOTQ3V2VH?= =?utf-8?B?Sng3T3VaV21ZOS90UFF1UFhDV0FkR21ERkNwSnpuckYzS1FCWGwzdjVMaWNV?= =?utf-8?B?OHRITE8wUjgxZVZkeWRHdVczQlhWTldUMlViVUFJTUNWYTBqL1piY29MajBj?= =?utf-8?B?SU9NRnNGK0FGb1hXellYdUdGM3hldGlXUmozMTJPRE5uWXkvMVczZUV1VHRQ?= =?utf-8?B?R2JqaVZxOFBsaUVnekwrT09qZXJPMGNxL1BDaGhDczdJZlN4TDBhQXc1eklF?= =?utf-8?B?OXJ2MVVsYWFVeWI5UG1ZdWkyVTNhbmE1TTI0V3lpQlhWNjBpYi9ucFBYWlNJ?= =?utf-8?B?SDk0eEZNNkRuOE1FZGNKRllBNlNwUWM0RlZ6VnBBbk8weWJFbXArUXU0MHFn?= =?utf-8?B?SkZncVcwY2JFRWRPWVA1QURtWmpGS2J0ZHFHcmFIOHpZcmVtOXVldXJGZzFi?= =?utf-8?B?OWhCTkVCL3BEcFR1R09XbWc5QWVYOWxYOHpmTzVldkYwRWoxMWgxSkdWdC9F?= =?utf-8?B?LzBzRnlvQWJCQ2x2VG95RW9TYWtoSUNnQ0l0bDA0eldibWVyYzEzbVVnTFlZ?= =?utf-8?B?a3BwV0dXN2FsS3JBa1NGSER5c2FhYVQvR05CU1gwcXZUbDJIQUNobDBTNW9a?= =?utf-8?B?bGExT3IrSEl1SkhpcCtUOGZIQXJFZHJmeHhDZkxJV3ZjYXA3ZmZveXZwaXdH?= =?utf-8?Q?VBzTZ0067MspWvl5iwhJ?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 79be5e7d-0880-4465-4712-08dbd2fe9a43 X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Oct 2023 12:58:35.7560 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P250MB0198 Subject: Re: [FFmpeg-devel] [PATCH] avcodec/cbs_h266: fix SPS VUI extension data leak X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Nuo Mi: > Fixes: VUI extension leak > Fixes: 63004/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_METADATA_fuzzer-4928832253329408 > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > --- > libavcodec/cbs_h2645.c | 10 +++++++++- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/cbs_h2645.c b/libavcodec/cbs_h2645.c > index 470f60b95f..ef631a11fe 100644 > --- a/libavcodec/cbs_h2645.c > +++ b/libavcodec/cbs_h2645.c > @@ -1979,6 +1979,13 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h265_unit_types[] = { > CBS_UNIT_TYPE_END_OF_LIST > }; > > +static void cbs_h266_free_sps(FFRefStructOpaque unused, void *content) > +{ > + H266RawSPS *sps = (H266RawSPS*)content; > + av_buffer_unref(&sps->extension_data.data_ref); > + av_buffer_unref(&sps->vui.extension_data.data_ref); > +} > + > static void cbs_h266_free_sei(FFRefStructOpaque unused, void *content) > { > H266RawSEI *sei = content; > @@ -1989,7 +1996,6 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h266_unit_types[] = { > CBS_UNIT_TYPE_INTERNAL_REF(VVC_DCI_NUT, H266RawDCI, extension_data.data), > CBS_UNIT_TYPE_INTERNAL_REF(VVC_OPI_NUT, H266RawOPI, extension_data.data), > CBS_UNIT_TYPE_INTERNAL_REF(VVC_VPS_NUT, H266RawVPS, extension_data.data), > - CBS_UNIT_TYPE_INTERNAL_REF(VVC_SPS_NUT, H266RawSPS, extension_data.data), > CBS_UNIT_TYPE_INTERNAL_REF(VVC_PPS_NUT, H266RawPPS, extension_data.data), > CBS_UNIT_TYPE_INTERNAL_REF(VVC_PREFIX_APS_NUT, H266RawAPS, extension_data.data), > CBS_UNIT_TYPE_INTERNAL_REF(VVC_SUFFIX_APS_NUT, H266RawAPS, extension_data.data), > @@ -2003,6 +2009,8 @@ static const CodedBitstreamUnitTypeDescriptor cbs_h266_unit_types[] = { > CBS_UNIT_RANGE_INTERNAL_REF(VVC_IDR_W_RADL, VVC_GDR_NUT, > H266RawSlice, data), > > + CBS_UNIT_TYPE_COMPLEX(VVC_SPS_NUT, H266RawSPS, cbs_h266_free_sps), > + > CBS_UNIT_TYPES_COMPLEX((VVC_PREFIX_SEI_NUT, VVC_SUFFIX_SEI_NUT), > H266RawSEI, cbs_h266_free_sei), > This should be a CBS_UNIT_TYPE_INTERNAL_REF(). - Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".