From: Andreas Rheinhardt
Date: Sun, 2 Oct 2022 19:16:29 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 1/3] avcodec/wmavoice: Don't initialize GetBitContext with buf == NULL

Andreas Rheinhardt: > Happens when flushing. This triggers NULL + 0 (which is UB) in > init_get_bits_xe (which previously errored out, but the return value > has not been checked) and in copy_bits(). > > This fixes the wmavoice-(7|11|19)k FATE-tests with UBSan. > > Signed-off-by: Andreas Rheinhardt > --- > libavcodec/wmavoice.c | 9 ++++++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c > index 4438089e51..26744719e6 100644 > --- a/libavcodec/wmavoice.c > +++ b/libavcodec/wmavoice.c > @@ -1900,6 +1900,8 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, > { > WMAVoiceContext *s = ctx->priv_data; > GetBitContext *gb = &s->gb; > + const uint8_t *buf = avpkt->data; > + uint8_t dummy[1]; > int size, res, pos; > > /* Packets are sometimes a multiple of ctx->block_align, with a packet > @@ -1908,7 +1910,8 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, > * in a single "muxer" packet, so we artificially emulate that by > * capping the packet size at ctx->block_align. */ > for (size = avpkt->size; size > ctx->block_align; size -= ctx->block_align); > - init_get_bits8(&s->gb, avpkt->data, size); > + buf = size ? buf : dummy; > + init_get_bits8(&s->gb, buf, size); > > /* size == ctx->block_align is used to indicate whether we are dealing with > * a new packet or a packet of which we already read the packet header 
> @@ -1931,7 +1934,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, > if (cnt + s->spillover_nbits > avpkt->size * 8) { > s->spillover_nbits = avpkt->size * 8 - cnt; > } > - copy_bits(&s->pb, avpkt->data, size, gb, s->spillover_nbits); > + copy_bits(&s->pb, buf, size, gb, s->spillover_nbits); > flush_put_bits(&s->pb); > s->sframe_cache_size += s->spillover_nbits; > if ((res = synth_superframe(ctx, frame, got_frame_ptr)) == 0 && > @@ -1968,7 +1971,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, > } else if ((s->sframe_cache_size = pos) > 0) { > /* ... cache it for spillover in next packet */ > init_put_bits(&s->pb, s->sframe_cache, SFRAME_CACHE_MAXSIZE); > - copy_bits(&s->pb, avpkt->data, size, gb, s->sframe_cache_size); > + copy_bits(&s->pb, buf, size, gb, s->sframe_cache_size); > // FIXME bad - just copy bytes as whole and add use the > // skip_bits_next field > } Will apply this patchset tomorrow unless there are objections. - Andreas
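
Review bot: In the first hunk (@@ -1900), `uint8_t dummy[1];` is declared uninitialized and without a comment, so a reader cannot tell that it exists only to give the bit reader a non-NULL pointer when size is 0. Suggest `uint8_t dummy[1] = { 0 };` plus a short comment naming the flush case, so that any bit read through gb on that path sees a defined value rather than indeterminate stack contents.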
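
Review bot: In the second hunk (@@ -1908), the return value of `init_get_bits8(&s->gb, buf, size);` is still discarded, although the commit message itself points out that the earlier error went unnoticed because the return value was not checked. `res` is already declared in this function, so `if ((res = init_get_bits8(&s->gb, buf, size)) < 0) return res;` would close that gap. The selector `buf = size ? buf : dummy;` also tests size rather than the pointer; a comment saying that size == 0 is the flush case with avpkt->data == NULL would tie it to the problem described.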
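
Review bot: In the third hunk (@@ -1931), the clamp just above the changed call bounds s->spillover_nbits by `avpkt->size * 8 - cnt`, while `copy_bits(&s->pb, buf, size, gb, s->spillover_nbits);` is handed the capped `size`, which the loop in the previous hunk can make smaller than avpkt->size. Now that buf may be the one-byte dummy, it is worth bounding against `size * 8` here, or stating in a comment why this branch cannot be reached with size == 0.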