From: Andreas Rheinhardt
Date: Fri, 9 Feb 2024 12:41:44 +0100
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH v2 1/2] avcodec/vvc_mp4toannexb: check bytes left for nalu_len

Nuo Mi:
> Fixes: fuzzer timeout
> Fixes: 65253/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_MP4TOANNEXB_fuzzer-4972412487467008
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> Signed-off-by: Andreas Rheinhardt
> ---
> libavcodec/bsf/vvc_mp4toannexb.c | 7 ++++---
> 1 file changed, 4 insertions(+), 3 deletions(-)
>
> diff --git a/libavcodec/bsf/vvc_mp4toannexb.c b/libavcodec/bsf/vvc_mp4toannexb.c > index 25c3726918..36bdae8f49 100644 > --- a/libavcodec/bsf/vvc_mp4toannexb.c > +++ b/libavcodec/bsf/vvc_mp4toannexb.c > @@ -155,10 +155,11 @@ static int vvc_extradata_to_annexb(AVBSFContext *ctx) > } > > for (j = 0; j < cnt; j++) { > - int nalu_len = bytestream2_get_be16(&gb); > + const int nalu_len = bytestream2_get_be16(&gb); > > - if (4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > > - SIZE_MAX - new_extradata_size) { > + if (!nalu_len || > + nalu_len > bytestream2_get_bytes_left(&gb) || > + 4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > SIZE_MAX - new_extradata_size) { > ret = AVERROR_INVALIDDATA; > goto fail; > }

What about growing the packet?

- Andreas
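
Review bot: the new `!nalu_len ||` condition inside the `for (j = 0; j < cnt; j++)` loop of vvc_extradata_to_annexb() rejects zero-length NAL units with AVERROR_INVALIDDATA, but the subject ("check bytes left for nalu_len") and the commit message only mention a fuzzer timeout and the bytes-left check. Please add a sentence to the commit message, or a short comment above the `if`, saying why a zero length is treated as invalid data and how each of the two new conditions bounds the work done by the loop, so the link to the timeout in testcase 65253 is clear to later readers. The `nalu_len > bytestream2_get_bytes_left(&gb)` test is the right place for the bound, since it runs before nalu_len is used in the size computation on the following line.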