From: Andreas Rheinhardt
Date: Sat, 3 Feb 2024 00:22:32 +0100
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] [mov] Avoid OOM for invalid STCO / CO64 constructions.
List-Id: FFmpeg development discussions and patches

Dale Curtis:
> + // Clamp allocation size for `chunk_offsets` -- don't throw an error for an
> + // invalid count since the EOF path doesn't throw either.
> + entries =
> + FFMIN(entries, FFMIN(atom.size - 8, avio_size(pb) - avio_tell(pb)) /
> + (atom.type == MKTAG('s', 't', 'c', 'o') ? 4 : 8));
> +

This may call avio_size() and avio_tell() multiple times. Furthermore,
is it even certain that avio_size() returns a sane value?

- Andreas
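
Review bot: the inner FFMIN operand `avio_size(pb) - avio_tell(pb)` uses the avio_size() result without checking it. avio_size() returns a negative AVERROR code when the size cannot be determined (for example on non-seekable input), so the difference, and with it the clamped `entries`, can come out negative instead of bounding the `chunk_offsets` allocation. Because FFMIN is a macro that evaluates its arguments more than once, the nested use also repeats both I/O calls. Suggest reading the remaining size once into a local int64_t, applying it to the clamp only when it is positive, and otherwise bounding by `atom.size - 8` alone; `atom.size - 8` should itself be checked for being non-negative before the division.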