From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
by master.gitmailbox.com (Postfix) with ESMTPS id 2CBC44CEC2
for <ffmpegdev@gitmailbox.com>; Tue, 15 Apr 2025 01:38:12 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B71DE687CEF;
Tue, 15 Apr 2025 04:38:07 +0300 (EEST)
Received: from NAM12-MW2-obe.outbound.protection.outlook.com
(mail-mw2nam12olkn2054.outbound.protection.outlook.com [40.92.23.54])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id ADF4E687C85
for <ffmpeg-devel@ffmpeg.org>; Tue, 15 Apr 2025 04:38:00 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=pcuITuWmh9D+0bgXR3ddNhHKA+2fHvZ4/7gw0T1dXKd6wKsMb9Uwup01QLkq+Su+bIsteTlUxx0eGdfgrdbXemihJuG4h5ELAZtyPa6RXoZUmSZDbyWK1qahbfLNoWd4F+r5vf4dfmMZ84Z0l3hjxAs67COpN3E5+3dQM5i4dt58T5PcXoFxPP/6Ebqjj8OJ1gcIySmgJMs9qTe7H5v571KFNdhbDk96g+JwwFTLG6TQv7kjoHkQFJ2IwIyEOR5e7EANYhjy2wyNwf/rdBxDUScQBoQC85oyrx5nbka6HcvrHayqJUzu6ouR18aM0r2kSdVM7t7PRmbBfY7Apfy9Rg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=UxccgAVGT45uF7n7bpgmB5kZDa1NJOTOQDDGNAGor9c=;
b=uZt3FpZSRpbK0xcECX65b4fpStobhAJl09zPNvplPpkNphrcnyNrc/hn3gQXzgDwXcbgXNWkaUBh1GA0t3QKthex/fUAFbEDxtlTGhIEm11VnmX6RLYuja+RZhDauNDV9MCJ3CbaXB3y24bixHL8tdsmRKL9RJPz+qMELXcEVr3nyFM9rdcHwJamggGbDa2v++a9mygq6i41QDz6ANyjtAWBA5+oCJTDrNpPKbtIx1B9xQ/47gszmWMoiMQdn7WPmo0uK7K7G7mkUHjLqFzqgcdAXWXTpQwZIrMYQERQWhogv+kF64r03q1TC7mpR3VWcFhuxAAc4Mq7vu6xFJH4Dw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=UxccgAVGT45uF7n7bpgmB5kZDa1NJOTOQDDGNAGor9c=;
b=rapc//KODS37kydF277O/Vs0LmvPBEGSwBYOcgNyBDAdp6ER0P9CQlEIrrzzEw78tHG7QctaGNvynBsWtRSRcVb+dgMfc6uPYnLwhTmDuK5S9rzAY4DY6na3gydQxbY3+yP3yIosS1AIDqahFh1xX9y2OZFhRkWZRPJJmNo4BrCvgEtse90qdp54C4Kzwc5QMbGrWO4F0oCIEPYST1+OhnDmhnjUJxaw+e4YRIPhkBlydtjfOrRHPjEBYvObMmUa1U6NWVY/HFBD+Ijo31hFUbo8WACEhwh+sMeJzfen6CmHgmqTqSpH2TkfMGQRPMOV/YxenFqcKl7bXv/mGj3VAw==
Received: from DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM (2603:10b6:8:b::20) by
IA3P223MB1671.NAMP223.PROD.OUTLOOK.COM (2603:10b6:208:581::16) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.8632.29; Tue, 15 Apr 2025 01:37:56 +0000
Received: from DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM
([fe80::bf09:8e9:b07f:98a7]) by DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM
([fe80::bf09:8e9:b07f:98a7%4]) with mapi id 15.20.8632.030; Tue, 15 Apr 2025
01:37:56 +0000
From: "softworkz ." <softworkz-at-hotmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Thread-Topic: [FFmpeg-devel] [PATCH 2/2] avformat/id3v2: Check that
decode_str() did advance
Thread-Index: AQHbqzD6b8QhS9IB3U2xSLilkCUpvrOfQsxwgASOQgCAACQ9oA==
Date: Tue, 15 Apr 2025 01:37:56 +0000
Message-ID: <DM8P223MB03650AB4340A4553BAA76A1CBAB22@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM>
References: <20250411222719.2779176-1-michael@niedermayer.cc>
<20250411222719.2779176-2-michael@niedermayer.cc>
<DM8P223MB0365A90C10FBC9EF6512F9E1BAB12@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM>
<20250414231950.GN4991@pb2>
In-Reply-To: <20250414231950.GN4991@pb2>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM8P223MB0365:EE_|IA3P223MB1671:EE_
x-ms-office365-filtering-correlation-id: 4e1e9cd4-2cb2-4970-9b7f-08dd7bbe25a4
x-microsoft-antispam: BCL:0;
ARA:14566002|8062599003|19110799003|8060799006|15080799006|7092599003|461199028|12121999004|4302099013|10035399004|440099028|41001999003|3412199025|102099032|1602099012;
x-microsoft-antispam-message-info: =?us-ascii?Q?QQE9o/F/FBNxOu9iEZzRFofpd7pSwejRdYUzuK9sweG+QmURDoOXA3BYUbGD?=
=?us-ascii?Q?tul1nj59NDrOaSQGq3/3AVl/EzizwIPhGYjkAOGxcxfGMqU9TJmfexAanfqs?=
=?us-ascii?Q?rYZffts46J7Kg2tUuY3vT9J+MnZFExSw6J7HnYF0GjcZLPnvZrocUieEVQpA?=
=?us-ascii?Q?RwEQPK7TJrV/XlCFk+pRN8qUTuV4G64YTDIXLhHR+90xwFQm3unbxhhHcKnn?=
=?us-ascii?Q?e1FnCxUS/sYciVzbUbRWSccUgVBUNSiI4JJGlpViO+a70/6xVEUfkqE6387P?=
=?us-ascii?Q?/GgZWH+1LQAIVbhWsJOp0Mq6VqI6G5Qt6wB6FzfaUeqoZGFuJdd78rOoINFy?=
=?us-ascii?Q?Wn9YvzNAakAaXghNo9D0topflxtQqiGewRa/LNDuyrmlivPVrF1ATm/70XlK?=
=?us-ascii?Q?6exo0Rs+aMnF63sOga24fYN9TNoSZ8XL/Q9koNtD6Y/SFOHtHTzKViDH8Z75?=
=?us-ascii?Q?ONio/lls1N6IaWjJ6dLdJI2k7HwLj9IEb4QoNxhzZ8NNGGkfq9Ozh5m3X5oW?=
=?us-ascii?Q?1Lmxr+PEORELg9H2fOZ5ryLjAGDyHPyEZ4IJqOLD0jjPhTU3hRjrFYBQc9gp?=
=?us-ascii?Q?zv6xIERsY+0Y8maOM3cL6fX3jLBYgKAAKYxY0IbJCl5YTD5g6kemnGpt3kTH?=
=?us-ascii?Q?FFM/2cFwDap+MU2TYZoNwO8SwwXf9PdIE9ryRaPHGtUZOf4h0DVBpY1wKVnc?=
=?us-ascii?Q?W+2OY2PWB0WMVKH/4kBi5HrnxgyYcbeze/QnvhahBbP+2MwePGEw3sBNJFDy?=
=?us-ascii?Q?Z9ySZYd8sFnUrHZCWIWQ9fH91P/p2TK8pAJpn23QYt+zSsdogC7Gg1ezQFV6?=
=?us-ascii?Q?8nkxb3Y/+Rdm6rtlNKGPcu25JS4hJpDQopX/JYcbc+AxlUYVKA+eMdL3z6Sh?=
=?us-ascii?Q?Qge+yhnIRuQv86xP7A3wHUKkqZzqGKnwqGglKjQflY7kQGcBbw6NC6PYjpZV?=
=?us-ascii?Q?LolpgRh9neilYz5AzzCefb0PYOfn8RMLw053hRKKU784XaXXrsoYgK1yBnIJ?=
=?us-ascii?Q?PxQ64Q6tM9BUE86exkWSExQ1ogrmqlwg92NKukTcVboabJ+OK7iZvSZMRrTl?=
=?us-ascii?Q?sTpwsS98aspDjF4+am0Zg64XLEw5Xsk0XtpIEvFTQgLvizYhYjNWdchUuLfL?=
=?us-ascii?Q?B8ISzIizzNCmMwnMafRGSjrRJtm/pzVgdyDQbKnGscd2Id87+BalKMrSQnM6?=
=?us-ascii?Q?trqVIamH+0dh8AKVLpaViY40EbciDQTiEWny2jX6Wr4QFDa87vlQmCNNslH7?=
=?us-ascii?Q?AZFN8qd3/Sd/7dwCsVrnwDPYNv8cMoF4SZuBpZiRbAiGHpq3Y6FcuNDUGOHd?=
=?us-ascii?Q?cHA=3D?=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?2UjwNhaCEuSYce1u8FpZ1LkvomVreaqwNpMAS7kY4Bp5CYzRl16+YfYMhPgV?=
=?us-ascii?Q?+eBEzVpIlDC0YubDzRFl8HZ9Nioe3kQxWl6oWReVu86sEKUjl5hEruLOa5JR?=
=?us-ascii?Q?536APG5T5I5UT1sNwDrJWLfNXDFuKjbZN2FZsc2OyFo2DvzBEn+Znnv7uSIG?=
=?us-ascii?Q?3YvZiA5bb4pcgFd03pvzE0GqWS1x0qSjFDGWaOd/e2Y8lSgga/6594kxHVZv?=
=?us-ascii?Q?NtgICbLYAlwQWKc2XoNiyy5A7yGRHX1gyyWKnYopRvCSmpcaseRb+FmHFRp0?=
=?us-ascii?Q?zRhm4rb/YxGjxxLwYXPRoj2ANDTwC26Q1pS12p6ulFKS6Nn99omdBq2YXFFe?=
=?us-ascii?Q?dupBPHiXu1mjzu8pWDBmstLpo3bSbmEz+tG9cDrHJwrL2eD5NbfpvOp4WjPJ?=
=?us-ascii?Q?aafnRw+IqYS8gNJxOri8SJddL1gYWiRkCLGeQtBbRRSvi74g18hkgbJRS8xd?=
=?us-ascii?Q?Idk4Yl+G61OBBSnU2ton+WjJJpqtquClP3jEj5aQuQf5K+CYSAsvi1dW26RH?=
=?us-ascii?Q?YtedPvQ/bgP/BiY7YyFdIwoSFwsYETDdvZM+H5+gfcGfysdBP5Jr2+4hGCz0?=
=?us-ascii?Q?fcCBVndAbM5ws3/0Tf6kuxfILAd+o08vg+Gq7JZTNDfphsTzUUE3V0NTYdjc?=
=?us-ascii?Q?jYZoEcGG2cfoG2eTGKarbx1CPa/mEjTPIMewVWvalDdxeQDQ1tYUPHYf7DJD?=
=?us-ascii?Q?JlH98bF6Ql+VkFw2PojScBbOUdogYD1TQTKGadRru3G+LAtO1XlRYDGk0KSD?=
=?us-ascii?Q?fMEJf/dlmLMQo/hDK7EY078o7OYYpLlNAg1mcZJ28DeMDAM7NAVeOb9o/Keb?=
=?us-ascii?Q?aVoKnTESj4JLLGafgWBl8dEy3Xhc5QE/6Jtu8CQxfG5xZ0054diNhNI680gz?=
=?us-ascii?Q?Oc7itJ+p5wqFiNItNxOd2+zx/jEEh1VMbublnOCYY2CkuPArKwfeWAnp6W0Q?=
=?us-ascii?Q?RG0SsF2jCY2Rw1OJgC2MKAXuspfHt3UEBXlAY/9QNuDeNZWvSQAcyCUanOtP?=
=?us-ascii?Q?JTy2cb4dn41SHqQUpjM4r2Jjy3j8842UF5sfYiLprATJ+JPUdsBPBcN05lHX?=
=?us-ascii?Q?L2h8Zljc61DTUBycNHZoASVuugywZWNCmTRpV07Qy9yjm8D5cb1xJH4l22Q8?=
=?us-ascii?Q?YWUDI2UW/5JQeK097Khh0YT5JBzKVncQO1v9VK/7hakLQR5xtBLcpTqBgIMq?=
=?us-ascii?Q?k6jBbDBpXxQRh1RQlm0Qfii/gEY92sqEHGolJXJyvX8jW5qmHWMMsYLZWec?=
=?us-ascii?Q?=3D?=
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-7719-20-msonline-outlook-92255.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 4e1e9cd4-2cb2-4970-9b7f-08dd7bbe25a4
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Apr 2025 01:37:56.1935 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: IA3P223MB1671
Subject: Re: [FFmpeg-devel] [PATCH 2/2] avformat/id3v2: Check that
decode_str() did advance
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/DM8P223MB03650AB4340A4553BAA76A1CBAB22@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>
> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> Michael Niedermayer
> Sent: Dienstag, 15. April 2025 01:20
> To: FFmpeg development discussions and patches <ffmpeg-
> devel@ffmpeg.org>
> Subject: Re: [FFmpeg-devel] [PATCH 2/2] avformat/id3v2: Check that
> decode_str() did advance
>
> On Sat, Apr 12, 2025 at 01:49:53AM +0000, softworkz . wrote:
> >
> >
> > > -----Original Message-----
> > > From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> > > Michael Niedermayer
> > > Sent: Samstag, 12. April 2025 00:27
> > > To: FFmpeg development discussions and patches <ffmpeg-
> devel@ffmpeg.org>
> > > Subject: [FFmpeg-devel] [PATCH 2/2] avformat/id3v2: Check that
> > > decode_str() did advance
> > >
> > > Fixes infinite loop with unknown encodings
> > >
> > > We could alternatively error out from decode_str() or consume all
> of
> > > taglen
> > > this would affect other callers though.
> > >
> > > Fixes: 409819224/clusterfuzz-testcase-minimized-
> ffmpeg_dem_H261_fuzzer-
> > > 6003527535362048
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > ---
> > > libavformat/id3v2.c | 3 +++
> > > 1 file changed, 3 insertions(+)
> > >
> > > diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
> > > index 90314583a74..e3f7f9e2a90 100644
> > > --- a/libavformat/id3v2.c
> > > +++ b/libavformat/id3v2.c
> > > @@ -341,10 +341,13 @@ static void read_ttag(AVFormatContext *s,
> > > AVIOContext *pb, int taglen,
> > > taglen--; /* account for encoding type byte */
> > >
> > > while (taglen > 1) {
> > > + int current_taglen = taglen;
> > > if (decode_str(s, pb, encoding, &dst, &taglen) < 0) {
> > > av_log(s, AV_LOG_ERROR, "Error reading frame %s,
> > > skipped\n", key);
> > > return;
> > > }
> > > + if (current_taglen == taglen)
> > > + return;
> > >
> > > count++;
> > >
> > > --
> > > 2.49.0
> > >
> > > _______________________________________________
> >
> > Hi Michael,
> >
> > this kind of conflicts with this patch that I had submitted
> recently:
> >
> >
> https://patchwork.ffmpeg.org/project/ffmpeg/patch/pull.54.ffstaging.FF
> mpeg.1740873449247.ffmpegagent@gmail.com/
> >
> >
> > I wonder whether my patch would still be prone to the issue your
> patch is addressing -
>
> This already conflicts with rcombs patch in git master, i think
> Applying: Fixes Trac ticket https://trac.ffmpeg.org/ticket/6949
> Using index info to reconstruct a base tree...
> M libavformat/id3v2.c
> Falling back to patching base and 3-way merge...
> Auto-merging libavformat/id3v2.c
> CONFLICT (content): Merge conflict in libavformat/id3v2.c
> error: Failed to merge in the changes.
> Patch failed at 0001 Fixes Trac ticket
> https://trac.ffmpeg.org/ticket/6949
>
>
> > do you have a test file perhaps?
>
> Will email you one, but the loop with a function that doesnt advance
> is an issue even if the specific file doesnt trigger it in a different
> implementation
Thanks a lot for the test file. I was able to reproduce the eternal loop
that you were intending to fix, but I noticed that after removing the
patches from rcombs, that endless loop doesn't happen in the first place.
Best,
sw
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".