Date: Fri, 24 Oct 2025 18:03:26 -0400
To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] Re: [PATCH] avformat/rtpenc_h264_hevc: Check space for nal_length_size in ff_rtp_send_h264_hevc() (PR #20746)
From: Kieran Kunhya via ffmpeg-devel
Cc: michaelni, Kieran Kunhya

On Fri, 24 Oct 2025, 14:52 michaelni via ffmpeg-devel, <ffmpeg-devel@ffmpeg.org> wrote:

> PR #20746 opened by michaelni
> URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20746
> Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20746.patch
>
> Fixes: memcpy with negative size
> Fixes: momo_trip-poc/input
>
> Reported-by: Momoko Shiraishi
> Signed-off-by: Michael Niedermayer
>
>
> >From 3924caed9dd6345bcfa5ce09e9dbc8d5403a7525 Mon Sep 17 00:00:00 2001
> From: Michael Niedermayer
> Date: Fri, 24 Oct 2025 20:29:23 +0200
> Subject: [PATCH] avformat/rtpenc_h264_hevc: Check space for
> nal_length_size in
> ff_rtp_send_h264_hevc()
>
> Fixes: memcpy with negative size
> Fixes: momo_trip-poc/input
>
> Reported-by: Momoko Shiraishi
> Signed-off-by: Michael Niedermayer
> ---
> libavformat/rtpenc_h264_hevc.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavformat/rtpenc_h264_hevc.c > b/libavformat/rtpenc_h264_hevc.c > index 4d222dca75..ea19cb0627 100644 > --- a/libavformat/rtpenc_h264_hevc.c
> +++ b/libavformat/rtpenc_h264_hevc.c > @@ -196,6 +196,8 @@ void ff_rtp_send_h264_hevc(AVFormatContext *s1, const > uint8_t *buf1, int size) > r1 = ff_nal_mp4_find_startcode(r, end, s->nal_length_size); > if (!r1) > r1 = end; > + if (r1 - r < s->nal_length_size) > + break; > r += s->nal_length_size; > } else { > while (!*(r++)); > -- > 2.49.1 >

Is this not a bug in ff_nal_mp4_find_startcode? If not, please add a comment as to the reason this condition happens.

Kieran
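
Review bot: The added `if (r1 - r < s->nal_length_size) break;`, placed after the `r1 = end` fallback, carries no comment saying which input leaves fewer than `s->nal_length_size` bytes between `r` and `r1`, and the `break` abandons the rest of the buffer without any diagnostic. Without the check, `r += s->nal_length_size` moves `r` past `r1`, which matches the "memcpy with negative size" in the commit message, so the guard is in the right place; what is missing is a one-line comment stating whether this state comes from a truncated length prefix at the end of the input or from a value returned by `ff_nal_mp4_find_startcode()`. If the latter can return a pointer closer than `nal_length_size` to `r` for well-formed input, the fix belongs in that function as well, since other callers would see the same result. Consider also logging the truncated NAL before the `break` so that malformed input is visible to whoever is debugging the stream.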