From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 28 Sep 2022 20:40:49 +0200
Subject: 
[FFmpeg-devel] [PATCH 1/3] avcodec/wmavoice: Don't initialize GetBitContext with buf == NULL X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Happens when flushing. This triggers NULL + 0 (which is UB) in init_get_bits_xe (which previously errored out, but the return value has not been checked) and in copy_bits(). This fixes the wmavoice-(7|11|19)k FATE-tests with UBSan. Signed-off-by: Andreas Rheinhardt --- libavcodec/wmavoice.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index 4438089e51..26744719e6 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -1900,6 +1900,8 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, { WMAVoiceContext *s = ctx->priv_data; GetBitContext *gb = &s->gb; + const uint8_t *buf = avpkt->data; + uint8_t dummy[1]; int size, res, pos; /* Packets are sometimes a multiple of ctx->block_align, with a packet @@ -1908,7 +1910,8 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, * in a single "muxer" packet, so we artificially emulate that by * capping the packet size at ctx->block_align. */ for (size = avpkt->size; size > ctx->block_align; size -= ctx->block_align); - init_get_bits8(&s->gb, avpkt->data, size); + buf = size ? buf : dummy; + init_get_bits8(&s->gb, buf, size); /* size == ctx->block_align is used to indicate whether we are dealing with * a new packet or a packet of which we already read the packet header 
@@ -1931,7 +1934,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, if (cnt + s->spillover_nbits > avpkt->size * 8) { s->spillover_nbits = avpkt->size * 8 - cnt; } - copy_bits(&s->pb, avpkt->data, size, gb, s->spillover_nbits); + copy_bits(&s->pb, buf, size, gb, s->spillover_nbits); flush_put_bits(&s->pb); s->sframe_cache_size += s->spillover_nbits; if ((res = synth_superframe(ctx, frame, got_frame_ptr)) == 0 && @@ -1968,7 +1971,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, AVFrame *frame, } else if ((s->sframe_cache_size = pos) > 0) { /* ... cache it for spillover in next packet */ init_put_bits(&s->pb, s->sframe_cache, SFRAME_CACHE_MAXSIZE); - copy_bits(&s->pb, avpkt->data, size, gb, s->sframe_cache_size); + copy_bits(&s->pb, buf, size, gb, s->sframe_cache_size); // FIXME bad - just copy bytes as whole and add use the // skip_bits_next field } -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
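Review bot: In the declarations hunk (@@ -1900,6 +1900,8 @@), `uint8_t dummy[1];` has no initializer and no comment saying why it exists. Its only job is to give the bit reader a non-NULL pointer when size is 0, so a one-line comment to that effect plus a zero initializer (`uint8_t dummy[1] = { 0 };`) would document the intent and keep the buffer's contents defined if a read ever does reach it.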
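Review bot: In the hunk at @@ -1908,7 +1910,8 @@, the result of `init_get_bits8(&s->gb, buf, size)` is still discarded, although the commit message notes that the earlier error went unnoticed because the return value has not been checked. Consider `if ((res = init_get_bits8(&s->gb, buf, size)) < 0) return res;` so that a future failure is not silent. The substitution `buf = size ? buf : dummy;` also keys on `size` rather than on `avpkt->data` being NULL; that matches the flush case described, but a short comment naming that case would help the next reader.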
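Review bot: In the spillover hunk (@@ -1931,7 +1934,7 @@), the clamp in the context lines bounds `s->spillover_nbits` by `avpkt->size * 8`, while the `copy_bits()` call being changed passes the capped `size`. The loop above caps `size` at `ctx->block_align`, so the two differ whenever `avpkt->size` exceeds it. Since this call is being touched anyway, please confirm whether the clamp should use `size * 8` as well, or add a comment explaining why the uncapped value is correct.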