From: Andreas Rheinhardt
Date: Mon, 17 Jun 2024 07:27:16 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 2/9] avcodec/mpeg4audio: Check that there is enough space for the first 3 elements in ff_mpeg4audio_get_config_gb()
In-Reply-To: <20240616230831.912377-2-michael@niedermayer.cc>

Michael Niedermayer:
> Fixes: out of array access
> Fixes: 68863/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-4833546039525376
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> --- > libavcodec/mpeg4audio.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/libavcodec/mpeg4audio.c b/libavcodec/mpeg4audio.c > index fbd2a8f811a..ae18944f0d5 100644 > --- a/libavcodec/mpeg4audio.c > +++ b/libavcodec/mpeg4audio.c > @@ -94,6 +94,10 @@ int ff_mpeg4audio_get_config_gb(MPEG4AudioConfig *c, GetBitContext *gb, > { > int specific_config_bitindex, ret; > int start_bit_index = get_bits_count(gb); > + > + if (get_bits_left(gb) < 5+4+4) > + return AVERROR_INVALIDDATA; > + > c->object_type = get_object_type(gb); > c->sample_rate = get_sample_rate(gb, &c->sampling_index); > c->chan_config = get_bits(gb, 4);

This is not a proper fix. The real bug seems to be that avpriv_mpeg4audio_get_config2() relies on the buffer to be padded, but iamf_parse.c does not add padding.

- Andreas
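
Review bot: the bound 5+4+4 in the new get_bits_left(gb) check at the top of ff_mpeg4audio_get_config_gb() is unexplained, and it only covers the shortest encoding of the three reads that follow. The hunk does not show how many bits get_object_type() and get_sample_rate() can consume, so if either has a longer form, 13 bits is a lower bound and not a guarantee that the reads stay inside the buffer. Suggest a comment naming the three fields the constants stand for (object type, sample rate, and the 4-bit chan_config visible in the context line), and a check, here or in the helpers, that the longest form of each field is bounded as well.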