From: Andreas Rheinhardt
Date: Fri, 20 Jun 2025 00:28:13 +0200
To: ffmpeg-devel@ffmpeg.org
References: <20250619030432.2977718-1-michael@niedermayer.cc>
In-Reply-To: <20250619030432.2977718-1-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 1/4] avformat/iamf_parse: Check extradata size

Michael Niedermayer:
> Fixes: Assertion n>=0 && n<=32 failed at ./libavcodec/get_bits.h:406
> Fixes: 398527871/clusterfuzz-testcase-minimized-ffmpeg_dem_IAMF_fuzzer-6602025714647040
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> --- > libavformat/iamf_parse.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/libavformat/iamf_parse.c b/libavformat/iamf_parse.c > index 71497876ac3..330e01733dd 100644 > --- a/libavformat/iamf_parse.c > +++ b/libavformat/iamf_parse.c 
> @@ -305,6 +305,8 @@ static int update_extradata(AVCodecParameters *codecpar) > skip_bits(&gb, 4); > put_bits(&pb, 4, codecpar->ch_layout.nb_channels); // set channel config > ret = put_bits_left(&pb); > + if (ret < 0) > + return AVERROR_INVALIDDATA; > while (ret >= 32) { > put_bits32(&pb, get_bits_long(&gb, 32)); > ret -= 32;

There is only one way for put_bits_left() to return a negative value: If there is more data in the internal buffer than can be written out. And this scenario is already a violation of the PutBit API. Given that the size of the internal buffer depends upon the arch, it could be that one would have already hit an assert in case one is not using x64. In other words, your check is too late.

- Andreas
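
Review bot: the added `if (ret < 0)` test in update_extradata() runs only after `put_bits(&pb, 4, codecpar->ch_layout.nb_channels)` has already written through the PutBitContext, so it reports a lack of space after the write rather than preventing it. The subject line promises an extradata size check, but the hunk tests the result of put_bits_left() instead; consider rejecting a too-small extradata size before the first put_bits() call in this function and returning AVERROR_INVALIDDATA there. The commit message could also say how a negative `ret` reaches the get_bits.h assertion it cites, since the read that trips it is not among the visible lines.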