From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Thu, 8 Feb 2024 16:52:41 +0100
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] avcodec/vvc_mp4toannexb: check the return of bytestream2_get_buffer
List-Id: FFmpeg development discussions and patches

Nuo Mi:
> Fixes: fuzzer timeout
> Fixes: 65253/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_MP4TOANNEXB_fuzzer-4972412487467008
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> ---
> libavcodec/bsf/vvc_mp4toannexb.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/libavcodec/bsf/vvc_mp4toannexb.c b/libavcodec/bsf/vvc_mp4toannexb.c > index 25c3726918..a15c1eef5b 100644 > --- a/libavcodec/bsf/vvc_mp4toannexb.c > +++ b/libavcodec/bsf/vvc_mp4toannexb.c > @@ -168,8 +168,10 @@ static int vvc_extradata_to_annexb(AVBSFContext *ctx) > goto fail; > > AV_WB32(new_extradata + new_extradata_size, 1); // add the startcode > - bytestream2_get_buffer(&gb, new_extradata + new_extradata_size + 4, > - nalu_len); > + if (bytestream2_get_buffer(&gb, new_extradata + new_extradata_size + 4, nalu_len) != nalu_len) { > + ret = AVERROR_INVALIDDATA; > + goto fail; > + } > new_extradata_size += 4 + nalu_len; > memset(new_extradata + new_extradata_size, 0, > AV_INPUT_BUFFER_PADDING_SIZE);
> @@ -298,8 +300,10 @@ static int vvc_mp4toannexb_filter(AVBSFContext *ctx, AVPacket *out) > if (extra_size) > memcpy(out->data + prev_size, ctx->par_out->extradata, extra_size); > AV_WB32(out->data + prev_size + extra_size, 1); > - bytestream2_get_buffer(&gb, out->data + prev_size + 4 + extra_size, > - nalu_size); > + if (bytestream2_get_buffer(&gb, out->data + prev_size + 4 + extra_size, nalu_size) != nalu_size) { > + ret = AVERROR_INVALIDDATA; > + goto fail; > + } > } > > ret = av_packet_copy_props(out, in);

It is better to check that there is enough input before growing the packet/the extradata. This also allows using unchecked reads later on.

- Andreas
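
Review bot: In the vvc_extradata_to_annexb hunk the short-read check only runs after AV_WB32 has already written the start code at new_extradata + new_extradata_size, so a truncated NAL unit is detected after the output has been touched. Compare nalu_len against bytestream2_get_bytes_left(&gb) ahead of that write and set AVERROR_INVALIDDATA there; the copy can then be the unchecked bytestream2_get_bufferu. The new condition also runs well past 80 columns, where the removed call was wrapped.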
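
Review bot: In the vvc_mp4toannexb_filter hunk the goto fail is reached after the extradata has been copied with memcpy and a start code written into out->data, so the error path is entered with a partly filled output packet. Confirm that the fail label unrefs out (it is not visible in this hunk), or move the nalu_size check ahead of that point so nothing is written for a truncated NAL unit. A comment or a line in the commit message on why a short read here showed up as a fuzzer timeout would also help, since the hunk itself does not show it.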
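
The ordering suggested in the reply above (validate the NAL unit length against the remaining input first, then grow the output and copy without a checked read), as an added example that is not FFmpeg code. `lp_to_annexb`, the error constants and the sample bytes are hypothetical, and plain `memcpy` stands in for an unchecked bytestream read.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { ERR_INVALIDDATA = -1, ERR_NOMEM = -2 };
/* Length-prefixed NAL units -> start-code-prefixed (hypothetical helper).
 * len_size: bytes per big-endian length field (1..4). */
static int lp_to_annexb(const uint8_t *in, size_t left, int len_size,
                        uint8_t **out, size_t *out_size)
{
    uint8_t *buf = NULL, *tmp;
    size_t used = 0;
    int ret = ERR_INVALIDDATA;
    *out = NULL; *out_size = 0;
    if (len_size < 1 || len_size > 4)
        return ret;
    while (left > 0) {
        uint32_t nalu_len = 0;
        if (left < (size_t)len_size)   /* truncated length field */
            goto fail;
        for (int i = 0; i < len_size; i++)
            nalu_len = nalu_len << 8 | *in++;
        left -= len_size;
        if (nalu_len > left)           /* check input BEFORE growing output */
            goto fail;
        if (!(tmp = realloc(buf, used + 4 + nalu_len))) {
            ret = ERR_NOMEM;
            goto fail;
        }
        buf = tmp;
        memcpy(buf + used, "\0\0\0\1", 4);     /* start code */
        memcpy(buf + used + 4, in, nalu_len);  /* length known good: plain copy */
        in += nalu_len; left -= nalu_len; used += 4 + nalu_len;
    }
    *out = buf;
    *out_size = used;
    return 0;
fail:
    free(buf);                         /* no partial output reaches the caller */
    return ret;
}

int main(void)
{
    /* Constructed input: a 2-byte NAL unit, then a length of 5 with 1 byte left. */
    static const uint8_t in[] = { 0,0,0,2, 0xAA,0xBB, 0,0,0,5, 0xCC };
    uint8_t *out; size_t n;
    return lp_to_annexb(in, sizeof(in), 4, &out, &n) == ERR_INVALIDDATA ? 0 : 1;
}
```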