From: Andreas Rheinhardt
Date: Tue, 2 Apr 2024 05:30:59 +0200
To: ffmpeg-devel@ffmpeg.org
References: <20240402031800.7159-1-jamrial@gmail.com> <20240402031800.7159-3-jamrial@gmail.com>
In-Reply-To: <20240402031800.7159-3-jamrial@gmail.com>
Subject: Re: [FFmpeg-devel] [PATCH 3/3] avformat/mov: fix the entry count overflow check in the keys atom

James Almer:
> Signed-off-by: James Almer > --- > libavformat/mov.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavformat/mov.c b/libavformat/mov.c > index a935ef7326..9fca402896 100644 > --- a/libavformat/mov.c > +++ b/libavformat/mov.c > @@ -5025,7 +5025,7 @@ static int mov_read_keys(MOVContext *c, AVIOContext *pb, MOVAtom atom) > avio_skip(pb, 4); > count = avio_rb32(pb); > atom.size -= 8; > - if (count > UINT_MAX / sizeof(*c->meta_keys) - 1) { > + if (count + 1LL > UINT_MAX / sizeof(*c->meta_keys)) { > av_log(c->fc, AV_LOG_ERROR, > "The 'keys' atom with the invalid key count: %"PRIu32"\n", count); > return AVERROR_INVALIDDATA;

What is supposed to be wrong here in the first place? The only thing I can think of is the case in which sizeof(*c->meta_keys) is > UINT_MAX, in which case the rhs would wrap around. But I don't think that is what you meant given that sizeof(*c->meta_keys) == sizeof(char*).

Anyway, a simpler check that works even if sizeof(*c->meta_keys) were insanely large is "count >= UINT_MAX / sizeof(*c->meta_keys)".

- Andreas
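
Review bot: On the replaced condition in mov_read_keys(), `count + 1LL > UINT_MAX / sizeof(*c->meta_keys)` rejects exactly the same counts as the removed `count > UINT_MAX / sizeof(*c->meta_keys) - 1` whenever the quotient is at least 1, so the commit message (only a Signed-off-by is visible) should state which input the old check got wrong. The new form also compares a signed `long long` against the unsigned result of the division; if the goal is to stop the `- 1` from wrapping when the quotient is 0, `count >= UINT_MAX / sizeof(*c->meta_keys)` covers that case with unsigned operands only.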
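
The arithmetic discussed in the reply, as an added example that is not code from FFmpeg or from either poster: it evaluates the removed check, the added check and the check suggested in the reply on constructed boundary counts. The function names and the `elem` parameter (standing in for sizeof(*c->meta_keys), widened to 64 bits so a size above UINT_MAX can be modelled) are assumptions of this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Each function returns 1 when the check rejects `count`. `elem` stands in
 * for sizeof(*c->meta_keys); it is a parameter (assumption of this example)
 * so that an element size above UINT_MAX can be modelled on a 64-bit host. */
typedef int (*check_fn)(uint32_t count, uint64_t elem);

/* Removed line: count > UINT_MAX / sizeof(*c->meta_keys) - 1 */
static int reject_old(uint32_t count, uint64_t elem)
{
    return count > UINT_MAX / elem - 1; /* "- 1" wraps if the quotient is 0 */
}

/* Added line: count + 1LL > UINT_MAX / sizeof(*c->meta_keys) */
static int reject_new(uint32_t count, uint64_t elem)
{
    return (uint64_t)(count + 1LL) > UINT_MAX / elem;
}

/* Reply's suggestion: count >= UINT_MAX / sizeof(*c->meta_keys) */
static int reject_reply(uint32_t count, uint64_t elem)
{
    return count >= UINT_MAX / elem;
}

/* Number of constructed boundary counts on which checks a and b disagree. */
static int disagreements(check_fn a, check_fn b, uint64_t elem)
{
    uint64_t limit = UINT_MAX / elem;
    uint64_t samples[] = { 0, 1, limit ? limit - 1 : 0, limit, limit + 1,
                           UINT_MAX - 1u, UINT_MAX };
    int n = 0;
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t count = (uint32_t)samples[i];
        n += a(count, elem) != b(count, elem);
    }
    return n;
}

int main(void)
{
    uint64_t sizes[] = { sizeof(char *), (uint64_t)UINT_MAX + 1 };
    for (int i = 0; i < 2; i++)
        printf("elem=%llu old/new differ on %d, new/reply differ on %d of 7\n",
               (unsigned long long)sizes[i],
               disagreements(reject_old, reject_new, sizes[i]),
               disagreements(reject_new, reject_reply, sizes[i]));
    return 0;
}
```

With a pointer-sized element all three checks agree on every sample; they diverge only in the modelled case where the quotient is 0, and there the removed check rejects nothing.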