From mboxrd@z Thu Jan 1 00:00:00 1970
From: "Dai, Jianhui J" <jianhui.j.dai-at-intel.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Mon, 18 Dec 2023 11:57:45 +0000
Message-ID: <DM6PR11MB268160B2C46A1E751EBC4641B190A@DM6PR11MB2681.namprd11.prod.outlook.com>
References: <20231216121619.19436-1-michael@niedermayer.cc> <20231216121619.19436-2-michael@niedermayer.cc>
In-Reply-To: <20231216121619.19436-2-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 2/4] avcodec/cbs_vp8: Do not use assert to check for end
Archived-At: <https://master.gitmailbox.com/ffmpegdev/DM6PR11MB268160B2C46A1E751EBC4641B190A@DM6PR11MB2681.namprd11.prod.outlook.com/>

> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of Michael > Niedermayer > Sent: Saturday, December 16, 2023 8:16 PM > To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> > Subject: [FFmpeg-devel] [PATCH 2/4] avcodec/cbs_vp8: Do not use assert to > check for end > > Fixes: abort() > Fixes: 64232/clusterfuzz-testcase-minimized- > ffmpeg_BSF_TRACE_HEADERS_fuzzer-5417957987319808 > > Found-by: continuous fuzzing process https://github.com/google/oss- > fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/cbs_vp8.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/cbs_vp8.c b/libavcodec/cbs_vp8.c index > 01d4b9cefef..b76cde98517 100644 > --- a/libavcodec/cbs_vp8.c > +++ b/libavcodec/cbs_vp8.c 
> @@ -329,7 +329,9 @@ static int cbs_vp8_read_unit(CodedBitstreamContext > *ctx, > > pos = get_bits_count(&gbc); > pos /= 8; > - av_assert0(pos <= unit->data_size); > + > + if (pos > unit->data_size) > + return AVERROR_INVALIDDATA; > This is a potentially fatal error caused by the parser overreading past the expected data. This should not occur after the fix GetBitContext setup patch was applied. BTW, the VP8 compressed header does not guarantee 8-bit alignment according to the SPEC. It could be better to check the bit pos. ``` pos = get_bits_count(&gbc); av_assert0(pos <= unit->data_size * 8); ``` > frame->data_ref = av_buffer_ref(unit->data_ref); > if (!frame->data_ref) > -- > 2.17.1 > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with > subject "unsubscribe".
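Review bot: the new check `if (pos > unit->data_size)` runs after `pos /= 8`, so the bit count has already been rounded down to whole bytes and a read that ends up to 7 bits past the end of the unit still passes. Comparing the bit position before the division, for example `get_bits_count(&gbc) > 8 * unit->data_size`, would catch that case and still return AVERROR_INVALIDDATA. Returning an error instead of calling av_assert0 is the right handling for a condition that depends on the input, since the commit message shows the assert was reachable from a fuzzer test case as an abort(). A short log message before the return, saying the header read ran past the unit, would make the next such report easier to triage.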