From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
by master.gitmailbox.com (Postfix) with ESMTPS id 0FE314CC3D
for <ffmpegdev@gitmailbox.com>; Sat, 12 Apr 2025 01:50:07 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4527568C566;
Sat, 12 Apr 2025 04:50:04 +0300 (EEST)
Received: from NAM12-BN8-obe.outbound.protection.outlook.com
(mail-bn8nam12olkn2059.outbound.protection.outlook.com [40.92.21.59])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 56CD868C4F5
for <ffmpeg-devel@ffmpeg.org>; Sat, 12 Apr 2025 04:49:57 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
b=mvbh0VFmNxuNI5ApDi7XNpaU3kIWVsav2vN8LgfTbRGHMxGf618DhyzPwko9pbaRzxBVqx9adZvajN1s6PTUxUPRyGj/WMDZ1wfMxvDsL4wBbZ0y30d5C0DDnjzmKRcjsnJECktriwI/wOUpuKIMrscP1jQi5Ywq7W9oEUW8y2B/GiQMEsyYbz0+1z7yi/bYNnxDZKgEzr94a6+ZkyYRMj16ToHKgYFPeS0LWPBeo8U4ZFse5jbdKQIMQmPhSL2VmChw6ycOdiMPpFJcLrhhxJsqWlLZ8ZWh12ET6wRSz/JAF633BcJtFjp2m48ZxgBHKnZfbKgCDL2rj0bs3I+T/g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=b0T1t9aMQqMbH7nqJCXCJxz6AklUkvE7Fq62W8TimpQ=;
b=eImP8xtK9sJxNn0BsUGZm+VUu97uvi8XnMmdRWwcS8bnv3j08PkwqU1A4thvTSqN6dXN9RmzlraYGchwv1ZtkPcicmk6MCPgDsyJGdpx/7M0jkSiG81e6gndo/nKFztREJe6tNNyW/xjiES4HVt+k9HPl5RYdI6rYbCvmYjQscduvGq+y5tT+JiKjEio7V2HtrjFzkzEyNIGVxQ9XpVjmcSMaTTtWLi3enATqqehodsnIBt0ziZnTEofZTqRqzP/uFSCe2eJMytD64bLkGaiITgHsgfysI8+W3QWuTQYxdbSiulylSZDTzQyEBT7dwEPzthFa48RbAIronADSObdTw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=b0T1t9aMQqMbH7nqJCXCJxz6AklUkvE7Fq62W8TimpQ=;
b=tBIpUoygcn8SVCiNPYTJJDGoDs7zEVWwAFYXROopEADX5pk8I1KFpniwymMwdxMeGDSYLJgGjlF6b9rFCyS+2ZiIztQfX1GdlyMhlr2h0DPnGIIT1p4taDixbpI8trUDZmE+qHkac+w3dBaCq3TeeCLEsyVcXS5N1BPuZALjAJp3UPKEp+tHA9YqoXhte3ztoXHQxMwz2ARoKelo60krVJ0wGU3NhS1fSwTCRtecWTmGIAySVWeRCCsWil4oeoZoUC5Lyd1oPQSr4gKFLIvd5+4buMN9AIc3UiQpQuW41h3ItiovMZ3ft2ZdUobpjZV061jGMAzMDSu7XBLw4iGfSg==
Received: from DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM (2603:10b6:8:b::20) by
PH3PPF741EA5E89.NAMP223.PROD.OUTLOOK.COM (2603:10b6:518:1::525) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8606.33; Sat, 12 Apr
2025 01:49:54 +0000
Received: from DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM
([fe80::bf09:8e9:b07f:98a7]) by DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM
([fe80::bf09:8e9:b07f:98a7%4]) with mapi id 15.20.8606.033; Sat, 12 Apr 2025
01:49:54 +0000
From: "softworkz ." <softworkz-at-hotmail.com@ffmpeg.org>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Thread-Topic: [FFmpeg-devel] [PATCH 2/2] avformat/id3v2: Check that
decode_str() did advance
Thread-Index: AQHbqzD6b8QhS9IB3U2xSLilkCUpvrOfQsxw
Date: Sat, 12 Apr 2025 01:49:53 +0000
Message-ID: <DM8P223MB0365A90C10FBC9EF6512F9E1BAB12@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM>
References: <20250411222719.2779176-1-michael@niedermayer.cc>
<20250411222719.2779176-2-michael@niedermayer.cc>
In-Reply-To: <20250411222719.2779176-2-michael@niedermayer.cc>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM8P223MB0365:EE_|PH3PPF741EA5E89:EE_
x-ms-office365-filtering-correlation-id: 94daab11-c668-44f2-4a52-08dd79645236
x-microsoft-antispam: BCL:0;
ARA:14566002|8062599003|8060799006|7092599003|15080799006|19110799003|461199028|12121999004|102099032|10035399004|4302099013|440099028|3412199025|41001999003|1602099012;
x-microsoft-antispam-message-info: =?us-ascii?Q?qnrc5qfSP/ywCwtMFMtNuwdxXbtf/TXs/NCMcrBYK2QOZjp2Kk8OWEuhX9Rr?=
=?us-ascii?Q?TAbFy2X2DHQLx+yZjFQUToikaruduDnv0easZvzGs+yV4mwArwEn+/PFaFpi?=
=?us-ascii?Q?ow0G1ZcEBUjT1E4hZLHahkh6WA/Bb4VVKRuGoH+k4K7VJpaN+/pcQCjjIAj5?=
=?us-ascii?Q?qJcE3HFXi6h5Cir20K/NeZINpvI18FURzKwk6PTYeOgYQmc8fgihu9sILXVK?=
=?us-ascii?Q?2mEb4/lGw8QZUQvJMRBo6eDTFVoIN4lEFKxtkY5iwFlWtRcgatp5MC14wvvd?=
=?us-ascii?Q?j7Fzb6Apx9412z12w2z9j/PF4YgzG+BhmWdD/HfTNm9rwDOZYYtb39+nBcT8?=
=?us-ascii?Q?z5ioaXb6hgb+wjuBzSUMVgmfFth5U668TUgO9bTT0zCcR6TMy3reEEHJ/1H0?=
=?us-ascii?Q?0GH7JyBcyKOdXHhZhYD4zGkcgjG8pVXG2WThq0vBJf4FhEM1FCKgM32d95QF?=
=?us-ascii?Q?i0pJQFJx97uVWi16gnlMzIU2fTC8yryOaETlR35BYPKEzaRfeeSK+MQq9UCf?=
=?us-ascii?Q?YIWkXSiKXRiPOvqaPZyezY7OvgpT66ySi5bNhMjq0Efrz8urIEsgRqKC2/gm?=
=?us-ascii?Q?s0fO7izOYUK99kSAK+3NFGDh8HwQ1YIhW0C9V6tsJ9oOoZpy/+3rvrW+J3Xk?=
=?us-ascii?Q?AqYU4oZc+yjkO4j3YZgzP/RSGEI0Acab1SKDjwnVwNcl2b3KO+aeGquD+8Dt?=
=?us-ascii?Q?m0ghD0jI0QDdXdbMi7A5KHN43BEvsnk+8it9dtOJABleYqpeZLmLEFGrZdRH?=
=?us-ascii?Q?LxDRugFUhvtoPGGhWOX/Qd5fT2g0sflHa+WIsELKx1HXm4PlShgN4Ib5JrsD?=
=?us-ascii?Q?3eNRu+cS7Z0aPhlaXx9IoDSLLvjvFdCY1Wq57GP+ocsO2sTcoVvmQ9CdkQz9?=
=?us-ascii?Q?v+Rm3S/9YgCK2FuJAqscAgxf23khmZsT+VElJGMuhJxA0U9+cygJ9KeitO60?=
=?us-ascii?Q?nWgsZviEAcOhjDdHRfK1pQb6+SYAY59iIJsaNqUqrgwNcWQkDkQ5sSY8kRGp?=
=?us-ascii?Q?7Ev170dMvBEJGcyuvkMsKeRdhVkiLWhA56bA/S8JXuxVqPgOd6jkLarmns4R?=
=?us-ascii?Q?M62ZIR0NoEEHKeb/UkYSWmYdSkHdrM2Uqi/0P5dg/3yU3+JEON2wwool2Fuk?=
=?us-ascii?Q?cQiC5NC3bXS2+lhD4yfSUlOLU2il5xvHS+SzpDWoJ6w4ICae+/j7KdF36mQq?=
=?us-ascii?Q?fITJcVaVLYia+rP55TxC6BYe02QX3kHIdR2ue471exBHQz96g9ORRNjWYg1J?=
=?us-ascii?Q?EXD4Vw/pEHsPCOewoMnQGj88+6UplZhmMytndvnHyUp6mN08AIhJq7zwXqn6?=
=?us-ascii?Q?xMc=3D?=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?BYV07TI6AvU1j2d6NnbjbP0XwMWq1JVvZ5dVFDoRHpfERZA670CTY2zsAKsV?=
=?us-ascii?Q?khMK8iZ6yU+e3b9q38/myPy57YjV69Voo8T3jtJ3HtgVzcFYUW0+5jcN7snn?=
=?us-ascii?Q?+xCLnwIvwSdUCDHyzOO6vRVnWrulpExBQ3JtUv4f01dhPkjjEEe7lLADj1VP?=
=?us-ascii?Q?fR3G85fncPMk+Gv6OQdX0PuJU84Fqqwe0Hu+iL4cplmBIbnWqOz3J/0Icptt?=
=?us-ascii?Q?cgFNqTLGfjIEQo8FAA6dbawjp86HgwytgKH/ZhSzIT/1iy6x6Hlw6KB5zTFZ?=
=?us-ascii?Q?6/jnAsuasTmhqCS4ejwbVCkWQ767bC13mcDZkVMZJpjv1+NlYrOflO+3Zcmn?=
=?us-ascii?Q?nuo0B0mgIhBIZIPSY1c2PR8Lyijlkux2WB2DBZaQ+UJEBhbnLeyRtuc/msP1?=
=?us-ascii?Q?7cBLHBhntXpy5l8x473da2VvGXT5z7bqJpZ6UO1kEmTyS28IlvNeT28NLYci?=
=?us-ascii?Q?CKHGzy1Zpx5Y8SvvMHmMYXZSD8q2cwUn/08/4sWoAtmBCp8yLeJEHgusgQGl?=
=?us-ascii?Q?jIsXLuV1gUzUODhC6ADGx34Csm+2r/erHriwmEQhZFPP3ZfChT9CySq79sHQ?=
=?us-ascii?Q?HGbG4Q02ErVjQdblJOaworT9dOkKLGNwTROidTLuVsLaotmZKpJV6DTmmfRZ?=
=?us-ascii?Q?oSs63G87ysJLJCzWAfWcT0kblDY7QEn9D2rgjTB/HHQJatET4FzOjcSzgdg8?=
=?us-ascii?Q?PKIhkJXjJHq8lLHj+t7EIWIjcB7cDZck6H63HPHDvD+qp4HJRA3Vd0IcBaS3?=
=?us-ascii?Q?B6WeLISyzJBleod7jXxzuvIp37ocQquaZskX53kzvUAOMvFt9D06nP2rOor+?=
=?us-ascii?Q?S9OOXN/Tfjsya3smJvlFFeX94KJvmb200NG7lhX/eDVyMxid5k/MJ7P8LUwb?=
=?us-ascii?Q?IzSWfhHiI+z0ltK2UsJeBSOGpzoLBFdjqUXw/cOS999pQXgl8zHpuEns7s9h?=
=?us-ascii?Q?upYRzqGdFtP3sW2WxomOMjtXJQBhpPNLu/yG/fI6U3i1+MjRH7BzdN62IfUN?=
=?us-ascii?Q?a0TtaqOQjwIyVUd3dMinsJvl40oQQd8kPGG6A/LYW/2VHrQ7vAznlbPC62qw?=
=?us-ascii?Q?b0sh80qXg6mFrBn2wonctCKm/NA7LoyKlq2/WrPFsbP8cix0QaWCqrfbA1db?=
=?us-ascii?Q?He0w89QVFZqXlPfGapBea+1fpJYMd4Ye6eb+bG45DAMDofJL3wGsGiuJIgaT?=
=?us-ascii?Q?AI0tRnc6X6jb+87leAp1a7PXpNzJcfKi3W4Eg+6TqbvXvrixfgfKz/TUPRI?=
=?us-ascii?Q?=3D?=
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-7719-20-msonline-outlook-92255.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 94daab11-c668-44f2-4a52-08dd79645236
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Apr 2025 01:49:53.9355 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH3PPF741EA5E89
Subject: Re: [FFmpeg-devel] [PATCH 2/2] avformat/id3v2: Check that
decode_str() did advance
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/DM8P223MB0365A90C10FBC9EF6512F9E1BAB12@DM8P223MB0365.NAMP223.PROD.OUTLOOK.COM/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>
> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> Michael Niedermayer
> Sent: Samstag, 12. April 2025 00:27
> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
> Subject: [FFmpeg-devel] [PATCH 2/2] avformat/id3v2: Check that
> decode_str() did advance
>
> Fixes infinite loop with unknown encodings
>
> We could alternatively error out from decode_str() or consume all of
> taglen
> this would affect other callers though.
>
> Fixes: 409819224/clusterfuzz-testcase-minimized-ffmpeg_dem_H261_fuzzer-
> 6003527535362048
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
> libavformat/id3v2.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/libavformat/id3v2.c b/libavformat/id3v2.c
> index 90314583a74..e3f7f9e2a90 100644
> --- a/libavformat/id3v2.c
> +++ b/libavformat/id3v2.c
> @@ -341,10 +341,13 @@ static void read_ttag(AVFormatContext *s,
> AVIOContext *pb, int taglen,
> taglen--; /* account for encoding type byte */
>
> while (taglen > 1) {
> + int current_taglen = taglen;
> if (decode_str(s, pb, encoding, &dst, &taglen) < 0) {
> av_log(s, AV_LOG_ERROR, "Error reading frame %s,
> skipped\n", key);
> return;
> }
> + if (current_taglen == taglen)
> + return;
>
> count++;
>
> --
> 2.49.0
>
> _______________________________________________
Hi Michael,
this kind of conflicts with this patch that I had submitted recently:
https://patchwork.ffmpeg.org/project/ffmpeg/patch/pull.54.ffstaging.FFmpeg.1740873449247.ffmpegagent@gmail.com/
I wonder whether my patch would still be prone to the issue your patch is addressing - do you have a test file perhaps?
Thanks
sw
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".