From: Andreas Rheinhardt
Date: Thu, 2 May 2024 08:58:17 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 7/7] avcodec/cbs_jpeg: Try to move the read entity to one side in a test
In-Reply-To: <20240502004150.3627661-7-michael@niedermayer.cc>

Michael Niedermayer:
> Fixes: CID1439654 Untrusted pointer read
>
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer
> --- > libavcodec/cbs_jpeg.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/cbs_jpeg.c b/libavcodec/cbs_jpeg.c > index b1b58dcd65e..406147c082c 100644 > --- a/libavcodec/cbs_jpeg.c > +++ b/libavcodec/cbs_jpeg.c > @@ -146,13 +146,13 @@ static int cbs_jpeg_split_fragment(CodedBitstreamContext *ctx, > } > } else { > i = start; > - if (i + 2 > frag->data_size) { > + if (i > frag->data_size - 2) { > av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: " > "truncated at %02x marker.\n", marker); > return AVERROR_INVALIDDATA; > } > length = AV_RB16(frag->data + i); > - if (i + length > frag->data_size) { > + if (length > frag->data_size - i) { > av_log(ctx->log_ctx, AV_LOG_ERROR, "Invalid JPEG image: " > "truncated at %02x marker segment.\n", marker); > return AVERROR_INVALIDDATA;

You should always mention when you are not fixing bugs in our code, but rather intend to apply a workaround for Coverity craziness (i.e. the requirement that reading values in non-native endianness needs to be sanitized).

- Andreas
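
Review bot: In the first rewritten check, `i > frag->data_size - 2`, the subtraction moves the wrap-around risk from the left side of the comparison to the right. If `frag->data_size` is an unsigned type and can be 0 or 1 when this branch is reached, `frag->data_size - 2` wraps to a very large value, the truncation error is never reported, and `AV_RB16(frag->data + i)` then reads outside the buffer. The visible lines do not show what guarantees `data_size >= 2` here, so either add an explicit `frag->data_size < 2 ||` term to the condition or state the invariant in the commit message. The second check, `length > frag->data_size - i`, is only safe because the first one has established that `i` does not exceed `frag->data_size`, so it inherits the same assumption. The commit message should also say whether the old `i + 2` and `i + length` forms could actually overflow or whether the change only reshapes the test for the analyzer, since "Fixes: CID1439654" on its own reads as a bug fix.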