From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id BD2D14DD35 for ; Tue, 6 Jan 2026 02:10:05 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'9HsA07/whxhXgMnpYiJtO2dIHH1HQuLSv+IcJBFfb1w=', expected b'A/jScONKOQ5vHRWVSQ5hSwjlgd/A62+4zNhtIm9qd0s=')) header.d=gmail.com header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1767665364; h=mime-version : date : message-id : to : content-type : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : from; bh=sXDcALYeIyqlzZmh6HqvMSc/smxCbIvQF077fLZRqLk=; b=s2akG8Fo7DMfO1kbaUdFsvjsnpr1Zy69CAVhWEDhPHq4AD+pynjq5N3EAeYRW0XVmSLQS P8/QueAfieEecNYvEWw36hH23kpbiafVi56KZrYv5ooD5Gn0WNe4fV8OibRNXEJj9p3e+Dz dgerIO5t2QyBkDk1rcP7AKBa7n2Bd8xzcT6vTCOznULKKNz4gkQCqHZayOTao0P2/Dw81HX ipDmZ/hRN+Cxbb/eYwOQxxiLA56YwJqJKqT+8t7Uu6FDqEq6bIfRr1lbQT+E8mVvHQ0L+2T 0KC6bK0qEEUy9BUkU/qmr80uwCe9qHGyYLE4h1eKfXF+bJnbkNCdCsCZtj1g== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id F3900690A81; Tue, 6 Jan 2026 04:09:23 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1767665347; b=TkrYo9onrEw9ot/HJvEvw0xte5lNG76QiylDIl0csY9TXxO/0mtRrJmM4JhCKJL15MI1o Sxg8kdeXHZRW9uT0T2DXeRxJBG18ESGJphALs/wAOFHTLsPSnMXJM4wLdc9P1l9eDO+HAYi 2dwOPhjJ5GGH1Jw4O1EjKwV7CEsRif5sI0xikgDLbG7KRIHNbfGcC+PagXZ7xfD3Ks8ogds UzUCcIlaEiBOYc35lTE2MVxn1VwAFXpDXz5p/enyzc5DQzLFtXyfxLeU1VDc1JCxgfsEgq2 b+kO4ZrNwiCyoocO62f7aCeJ1xPdS3BaWpZoZaDjB3ZG9yf/Gz3RGhhwsatg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1767665347; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=UzkZi/e15qUpPEGLAlqHL6sxCvE6Fvao0MSJciFpn28=; b=Ub7iUdRYZSQ3ksRJIX06JNxjtV7einzyLkzYo6yVU1aWdXz8r9ZLXlC2hy1AYPsEISlnx O0YVKzDKmMb0b1ZbBfAAewm0b5z2n9Z3Dy3zh0VKFO7gAdzdSe0+GLzO399atcAtR3vhv3y zvcI9vzJwUyI+d7AgXWx5TDWV41YfRCRuBfENWW4D9P24BJYI55gVSA1VBpI4vbCVN+x10v DTJkulGeH1fwhJuth+Qbdrcn9KEouLnFt40+bJfZyjuMEkhijfKF+Ni1pRVn5HloD8JKzCM b7vhzJdoNZT7gOQ3fLVT8jkpHs8XFuhXZC/iTJDsZ27HWioMKwgwAiOC7gdg== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=fail header.d=gmail.com; arc=none; dmarc=fail header.from=gmail.com policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=fail header.d=gmail.com; arc=none (Message is not ARC signed); dmarc=fail (Used From Domain Record) header.from=gmail.com policy.dmarc=quarantine Received: from mail-yw1-f177.google.com (mail-yw1-f177.google.com [209.85.128.177]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 29F4968EED1 for ; Sat, 3 Jan 2026 18:21:03 +0200 (EET) Received: by mail-yw1-f177.google.com with SMTP id 00721157ae682-78fb6c7874cso118702577b3.0 for ; Sat, 03 Jan 2026 08:21:03 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1767457261; x=1768062061; darn=ffmpeg.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=A/jScONKOQ5vHRWVSQ5hSwjlgd/A62+4zNhtIm9qd0s=; b=lsHckAxPRlPBBbYMDxvdtkTkbysBifi8qTKYogebOyxBa+Yl7UpUCu9htH8j9u2Ivw FFZkm/88r9kTzy70yU0cgHqkhSGdJ0jqMuFykoPl9lbvACaHB1tlGVaBfQQlImixdBAY 7zVEfY6bY4UYW+8DqDPSrybThL0mydY3NQnENdvvhY+Q0LmKOCnoGzyfWPq10YHaKR4a xzIQsYgMeurSXVXdDTx1Z1veoftcUVswYesgdpNb219Ik2UjPq9XEs74i6vp9clIkqGb uGQDHu1+VjUONKWb+fXX57Kfx5FFGMEYM7YuPkyJNyZUYzPZoMQcFJvlzGlysL5XAC67 C2/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1767457261; x=1768062061; h=to:subject:message-id:date:from:mime-version:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=A/jScONKOQ5vHRWVSQ5hSwjlgd/A62+4zNhtIm9qd0s=; b=DuMupWuqEcYqt4nLkhziBmooxAOC+a509zj6exkAOyij0puJ8wsauemRw0v92+7AtO MZWDlis5DxHG9tzp8VfQSPF2+2L8zZHFzPiAPmdqBdVqf4MorOenbsaxw9UN/KauIZBa iFRbHbUxOJtF2cG4tUnLcqL+Szb9c35r66oWtTmx01dznEpjebp3qh80LWhGTVh8dkH3 PU3CJr+cebTa3TCPwHHnm7Jw5auIkVjWd1KyTodEcQkhr64RdlOmrE9+OrFGUshY7agh gKpcJfnZDIho/PWVgXXfD2ZmaVK8F+E5Jbn26OKb4MzdOa++bSnUK7AzAqV/0yBwAeUi c0Hg== X-Gm-Message-State: AOJu0YwFMUiG80tHhpCrMPhQee3x9OY2UqCc5FUwNOsj9IDXIWgRSsAN q3iyuxf1T8UBYypQpJDtxHI2ehEBo3llwbgG4S8SrDLtxm5hWOg2mMXm9FaE4yLT7mLjqa4DDLW spkW7J4vuLME8rKbqLhgUVebEyO8JZ630Rc3R X-Gm-Gg: AY/fxX5T+o4q33THQc7F0x/e+ckMEDK4ME4Q0rKawmgL6e/I4UJy9onzyiHs17KYR1B WRk9ErSRs1pdX6sXMIg4jBDiMt0NMH8FzDwXxmFkX+Bx+7/RZXdFozsaIrxLUOwDjOy0VVS5Eu0 oGGBRv/n/SB+ZpFb2BM3U0lhOMmLu5vH9AIzSfopqWYIo6Je82Ql8mknPRtsUA6ycn6tEUu6DKA iZZysAR/B2XMAtyLsbKoIn6TMsXcvNcXDEJMqkHitIk3zvxT8XxFLV962ZaBv7T9Z+f5TiL6jKu X/gg2BLy0k0N7YVP4rOmlOwhZZE+grtgnkyDPkQ= X-Google-Smtp-Source: AGHT+IFb9hmMXw6Id6C0bbPH/pkA4O744RnBEzF21YiuiP5fL3p54e5EuJJv8T8L7qhZkXWJY72h+VasG/G4Qx/ndj8= X-Received: by 2002:a05:690c:c533:b0:78d:6716:229 with SMTP id 00721157ae682-78fb405d282mr319645337b3.48.1767457261009; Sat, 03 Jan 2026 08:21:01 -0800 (PST) MIME-Version: 1.0 Date: Sat, 3 Jan 2026 17:20:49 +0100 X-Gm-Features: AQt7F2oRWZaWBKYpyEG6XQZ-VwTosXCmFc0QtZUxsCIoX1lrQ_WVF03snvmlolw Message-ID: To: ffmpeg-devel@ffmpeg.org Content-Type: multipart/mixed; boundary="00000000000033158306477e363c" X-MailFrom: SRS0=/TDB=7I=gmail.com=monsterbat02@ffmpeg.org X-Mailman-Rule-Hits: nonmember-moderation X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation Message-ID-Hash: NHXAE4SXPRGU354XCTFGUGBXDZ7ZEANC X-Message-ID-Hash: NHXAE4SXPRGU354XCTFGUGBXDZ7ZEANC X-Mailman-Approved-At: Tue, 06 Jan 2026 02:09:00 +0000 X-Content-Filtered-By: Mailman/MimeDel 3.3.10 X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] [PATCH] tools/zmqsend: fix integer overflow check List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Baptiste Bd via ffmpeg-devel Cc: Baptiste Bd Archived-At: List-Archive: List-Post: --00000000000033158306477e363c Content-Type: text/plain; charset="UTF-8" >>From 8286eb98a6f40fc1e69507213073486ef06d3a5d Mon Sep 17 00:00:00 2001 From: OxBat Date: Sat, 3 Jan 2026 17:10:07 +0100 Subject: [PATCH] tools/zmqsend: fix integer overflow on 32-bit systems in tools/zmqsend.c --- tools/zmqsend.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tools/zmqsend.c b/tools/zmqsend.c index dc5d426cc8..b2d66bb8bc 100644 --- a/tools/zmqsend.c +++ b/tools/zmqsend.c @@ -149,8 +149,16 @@ int main(int argc, char **argv) goto end; } - recv_buf_size = zmq_msg_size(&msg) + 1; +/* PATCH SECURITY: Fix integer overflow on 32-bit systems */ + size_t sz = zmq_msg_size(&msg); + if (sz == SIZE_MAX) { + av_log(NULL, AV_LOG_ERROR, "Message too large (overflow detected)\n"); + ret = 1; + goto end; + } + recv_buf_size = sz + 1; recv_buf = av_malloc(recv_buf_size); + if (!recv_buf) { av_log(NULL, AV_LOG_ERROR, "Could not allocate receiving message buffer\n"); @@ -158,6 +166,7 @@ int main(int argc, char **argv) ret = 1; goto end; } + memcpy(recv_buf, zmq_msg_data(&msg), recv_buf_size - 1); recv_buf[recv_buf_size-1] = 0; printf("%s\n", recv_buf); @@ -168,4 +177,4 @@ end: zmq_close(socket); zmq_ctx_destroy(zmq_ctx); return ret; -} +} \ No newline at end of file -- 2.52.0.windows.1 --00000000000033158306477e363c Content-Type: application/octet-stream; name="0001-tools-zmqsend-fix-integer-overflow-on-32-bit-systems.patch" Content-Disposition: attachment; filename="0001-tools-zmqsend-fix-integer-overflow-on-32-bit-systems.patch" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_mjyidefp0 RnJvbSA4Mjg2ZWI5OGE2ZjQwZmMxZTY5NTA3MjEzMDczNDg2ZWYwNmQzYTVkIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBPeEJhdCA8bW9uc3RlcmJhdDAyQGdtYWlsLmNvbT4KRGF0ZTog U2F0LCAzIEphbiAyMDI2IDE3OjEwOjA3ICswMTAwClN1YmplY3Q6IFtQQVRDSF0gdG9vbHMvem1x c2VuZDogZml4IGludGVnZXIgb3ZlcmZsb3cgb24gMzItYml0IHN5c3RlbXMgaW4KIHRvb2xzL3pt cXNlbmQuYwoKLS0tCiB0b29scy96bXFzZW5kLmMgfCAxMyArKysrKysrKysrKy0tCiAxIGZpbGUg Y2hhbmdlZCwgMTEgaW5zZXJ0aW9ucygrKSwgMiBkZWxldGlvbnMoLSkKCmRpZmYgLS1naXQgYS90 b29scy96bXFzZW5kLmMgYi90b29scy96bXFzZW5kLmMKaW5kZXggZGM1ZDQyNmNjOC4uYjJkNjZi YjhiYyAxMDA2NDQKLS0tIGEvdG9vbHMvem1xc2VuZC5jCisrKyBiL3Rvb2xzL3ptcXNlbmQuYwpA QCAtMTQ5LDggKzE0OSwxNiBAQCBpbnQgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3YpCiAgICAg ICAgIGdvdG8gZW5kOwogICAgIH0KIAotICAgIHJlY3ZfYnVmX3NpemUgPSB6bXFfbXNnX3NpemUo Jm1zZykgKyAxOworLyogUEFUQ0ggU0VDVVJJVFk6IEZpeCBpbnRlZ2VyIG92ZXJmbG93IG9uIDMy LWJpdCBzeXN0ZW1zICovCisgICAgc2l6ZV90IHN6ID0gem1xX21zZ19zaXplKCZtc2cpOworICAg IGlmIChzeiA9PSBTSVpFX01BWCkgeworICAgICAgICBhdl9sb2coTlVMTCwgQVZfTE9HX0VSUk9S LCAiTWVzc2FnZSB0b28gbGFyZ2UgKG92ZXJmbG93IGRldGVjdGVkKVxuIik7CisgICAgICAgIHJl dCA9IDE7CisgICAgICAgIGdvdG8gZW5kOworICAgIH0KKyAgICByZWN2X2J1Zl9zaXplID0gc3og KyAxOwogICAgIHJlY3ZfYnVmID0gYXZfbWFsbG9jKHJlY3ZfYnVmX3NpemUpOworICAgIAogICAg IGlmICghcmVjdl9idWYpIHsKICAgICAgICAgYXZfbG9nKE5VTEwsIEFWX0xPR19FUlJPUiwKICAg ICAgICAgICAgICAgICJDb3VsZCBub3QgYWxsb2NhdGUgcmVjZWl2aW5nIG1lc3NhZ2UgYnVmZmVy XG4iKTsKQEAgLTE1OCw2ICsxNjYsNyBAQCBpbnQgbWFpbihpbnQgYXJnYywgY2hhciAqKmFyZ3Yp CiAgICAgICAgIHJldCA9IDE7CiAgICAgICAgIGdvdG8gZW5kOwogICAgIH0KKwogICAgIG1lbWNw eShyZWN2X2J1Ziwgem1xX21zZ19kYXRhKCZtc2cpLCByZWN2X2J1Zl9zaXplIC0gMSk7CiAgICAg cmVjdl9idWZbcmVjdl9idWZfc2l6ZS0xXSA9IDA7CiAgICAgcHJpbnRmKCIlc1xuIiwgcmVjdl9i dWYpOwpAQCAtMTY4LDQgKzE3Nyw0IEBAIGVuZDoKICAgICB6bXFfY2xvc2Uoc29ja2V0KTsKICAg ICB6bXFfY3R4X2Rlc3Ryb3koem1xX2N0eCk7CiAgICAgcmV0dXJuIHJldDsKLX0KK30KXCBObyBu ZXdsaW5lIGF0IGVuZCBvZiBmaWxlCi0tIAoyLjUyLjAud2luZG93cy4xCgo= --00000000000033158306477e363c Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org --00000000000033158306477e363c--