From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id D5D3C46A0D
	for <ffmpegdev@gitmailbox.com>; Wed,  2 Aug 2023 10:50:44 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E12FF68C5A2;
	Wed,  2 Aug 2023 13:50:41 +0300 (EEST)
Received: from EUR05-DB8-obe.outbound.protection.outlook.com
 (mail-db8eur05olkn2048.outbound.protection.outlook.com [40.92.89.48])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9EC1A68C52E
 for <ffmpeg-devel@ffmpeg.org>; Wed,  2 Aug 2023 13:50:35 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=E447wg+WJRkn4j2bhachO9AIvegtcmHcp8lhuEgwUUXTNBakOvCyhs7iCGqGsZOI8GHdZdZc8svtSHi40Aoy37q6IJ8P06KBU3mBHMRSLWF47p1AnR0ZaOtxMiqlzytfpGWz/KddZaB4OPlH4cDGc3bHJLdpnyf7msupti4JiqlO6WFQe/m3EUEB9MaV/R2uCtZFml2QemWsbElfgqXo7Bu5f9mz1YuDfcDSbeMGLQMMuYObw3e33Lis9jqU3koomrqTQZpSfUb47j4/UhclmgUqaTug31sFwNdWrPAQtzHhPiKqBgLGy3iMmUhNoQFTEvpahmqIVLN7DsJ3x/w4Iw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=Dl7HtLt058h+e3EhHC6QoU7t6GC20AVgPTdToCrFEPw=;
 b=BuhVVAy3ovYltu5IYiuncZ4o9fDSVvpDxQpnStit0OBpknYkqHX/ZtyV3ogjDaeNRSXrpNm1y7GxWIE8+JZaHhywczuBqe47ABhlSXQlHZXl9LDANkLyqsAyZKQc0swh87Q/IEWRXubEE8oWDLXpqoQxmBEIeOtAUyjH04B45JjZKu6PWYhkJT142wgMAuoEsC9faVw1FMZxBiVlpCg98etAiBYCtrx0xpFMiEBRawywDypm5+IzK4ZewI9bIidI07GAzzXCk5Fqkwp9+LLL5uKSwYWas4VfuWvtLepIoJ8JoH2lLu3QXoFbFbfjhjN1XfDKmt/tth5MLmondV2Afg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Dl7HtLt058h+e3EhHC6QoU7t6GC20AVgPTdToCrFEPw=;
 b=iOY8rMaI4tNnBAWtw4j0X2caSwTvBVM1WBuX2u73xLNqmTFFeXUoIdOmYx+JrJq8bTZxwoNkQl0xM2fzdAETkl8osfH0UFGC+Cu3K6sX6UQAkaNj0vG5cIPh9nghORRv6MDcD0ziFLvGaBo5FcCGTkuKa7E3st7h7suvNMzUryHEIyZq+O6aknwjxVxJny4zwp0ScGG/7jJ0mUB5QCgd1iaSQ+/j5YSeLQiKuib3hSDv6vMkHmvUQBnb6vA4Au5a3cirYUE5maFiuIeptdBVoRkxRwSfSFJ+Z21K4/OLXBLnw/cK8h1YtJr2aUhOKkXmX/lkPBAyHHmckht39pW4mQ==
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17)
 by PR3P250MB0152.EURP250.PROD.OUTLOOK.COM (2603:10a6:102:17e::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6631.45; Wed, 2 Aug
 2023 10:50:34 +0000
Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::4d3a:7ca6:cf28:9e8c]) by GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 ([fe80::4d3a:7ca6:cf28:9e8c%7]) with mapi id 15.20.6631.045; Wed, 2 Aug 2023
 10:50:34 +0000
Message-ID: <GV1P250MB0737A7C62D29753617D1315C8F0BA@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM>
Date: Wed, 2 Aug 2023 12:51:46 +0200
To: ffmpeg-devel@ffmpeg.org
References: <20230802093524.1136658-1-kobrineli@ispras.ru>
Content-Language: en-US
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
In-Reply-To: <20230802093524.1136658-1-kobrineli@ispras.ru>
X-TMN: [CqulCLn3dgeVDrwvN8vObIIehGmYYoOdOfUVpgO+uc4=]
X-ClientProxiedBy: ZR0P278CA0070.CHEP278.PROD.OUTLOOK.COM
 (2603:10a6:910:21::21) To GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
 (2603:10a6:150:8e::17)
X-Microsoft-Original-Message-ID: <a7b82431-6b11-9238-6cb2-2c20a2c1903e@outlook.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: GV1P250MB0737:EE_|PR3P250MB0152:EE_
X-MS-Office365-Filtering-Correlation-Id: a5fa16c2-b106-4d7b-132c-08db93464c2c
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: HqjosgXdP1r2Z/qd1jxP33A4TR229W6w890lWFGWksrz6NUT3jHnrzumVDMsTQi7p4u5ZYSUNJdDNCj/U5bwbYsybRRBuFcsACms2qKwJ1M9E3eCh9XNqIyHc38zsXZOB4VEDjvfMVTlTpTYC/XkV9DEGAXt4aqeqxP9xDAVsPKFHZJs9eoHD0FZ6QpkWmScDXHZqYjcb1sMfMuyW34kRffp7UTv9hLxJfZk5zqoCl/M+pOqWOD9ZCJM0W5Vs9zRRqrJmvvhYPU9nH20fCxJvzxW0R8n0mFV+EEvfJdr306knd9iM0stGP/yGBQG/zLjZjH/FWifgozrKoK1YsicMQtxPWUiyG3YDIY3onXc+AY1Ikk0ZZuJ/uzMfuOmnL9lexUGZ+yIdA7J3QtAeZWSmDrxky2mqPKi/zuEgvguBDqfHo0WGRMnz+LteYkojCnHLR2x4AzN7G1G8H9cRTVBXU4S5BfzuCy1poVWxBaE2V/24ejrxCo8ZHanMdiHHbskSEMP0eW7k12sStXawtsCH+3huJtXmD3axtAzHbQGq88oNvEWR7SpSDEDqzzKozyH
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?d2RyTmpGQ0JVYnBwMnRUajU3VTJlcGZ1RFlpdEs3djhTRFNsV3lja0ZjbFg2?=
 =?utf-8?B?RE5QL3BLUUt0WWFxSFlFQ2ZqR25uc05hWXJ5ZEFyZG0zcndEbXBxZTBpZHlH?=
 =?utf-8?B?bjVzRHl5aSs0Y21BNXdBQ3pqdk5VS1hkb0tuTGNtYkw4MWhxZDNabEZ0MDls?=
 =?utf-8?B?aVZGUmU0OWliMVFvcUJNK1Y0WmEzRnVtby9WbU9hbHgyWklEK2c4RmtLQ1Yv?=
 =?utf-8?B?ZFl1V2s5OWFmR3NHMkFMT3lweFNhUDdjeU83c1c1TkpJN1ZIVlFWcGNYMDBs?=
 =?utf-8?B?T3ZWUCt0KzBNbW0weTk1bUpLY1B6MlNTdjd0cWl5TFdCWFdVWmJLZmExVFRv?=
 =?utf-8?B?dDBXK2lPMGtBUXhyb2ExL2N3dEV1Z0UrT1p5NW5XNCtwZ2oxS2t5blBtRHBP?=
 =?utf-8?B?QVBiV0NDV3hWb2pLOEs0UzRUZGF2bHFMd2szUnBOYmxRT0U1ZndPaWdyQ0Y0?=
 =?utf-8?B?alV4RlJFZDEzLzJjSVo4NHRqZ1QvT3FsUFRKMjJlaTRYczRaMS9TSXB3T3Y5?=
 =?utf-8?B?VlFoWDZhRzV3KytaNGpTbW01SFpMdkVtVEplZDFBYkN4WW9Ob25SSU1mbkZt?=
 =?utf-8?B?dkMwaW1qcm9UVktLSXJhcE8xN0k1WHlKK0RhdGdNUm1lbnB2YnFVSE1KVEpp?=
 =?utf-8?B?ZjdYTXZPZTRMeHhwV1d4cWlhcC9TYi93cjI0ZThUQXRvQTRKbGhkTmpHdTlS?=
 =?utf-8?B?VzRHei85c2RnejMrQVhQc1pVcXJKdWRuYVRrMUVsOHhYZTRnQmpkSmV6anhq?=
 =?utf-8?B?algwQVVNRkJwcytDODl6Wm5jT3lvdCs0ZmV3enRPblpmbXU5UFhPcmlUbjFs?=
 =?utf-8?B?dzh0L0hBQTRJU3pkMU5QdXhsWmpLZTc3OXhETDRWcEpnWUQ5WGNGMFE1Ky94?=
 =?utf-8?B?b01zV2JZVTNuQVBUUjB1ZTFMbitSZHhDSjZnMjdVcTJTbXlQaXFadEp5ZDB2?=
 =?utf-8?B?Zzh0Q3lIeTVSUzVsVW44bVBoQlR5aEdHbVJUaE40dlluRGs1SklTOE8zTzRM?=
 =?utf-8?B?QVlQZ1VQUitpMnpMbzlRN1F1cFhxUm5oa0hrK2IwRCtiNW1ISlhiVVdDZk5V?=
 =?utf-8?B?MXZIVWRlaXBlaXdyRlBSMGo0TmUzUDBrUlBpZGQvZHBXUDltN2lKWjlXbnNU?=
 =?utf-8?B?WE1PL3dXWFAwaW5MV0hBVUV0dkc2NDJoS0s1T2NidnpIb2c3Q1FlNlAxNk9s?=
 =?utf-8?B?bCtCaWVVYktnL0NKUjh4ZlFOWFpmWHlKODh6SnBqeGZDY2M4Y0xkUERvQUtV?=
 =?utf-8?B?N0diZEZFekVVdlhFcnp3UFVpY1dQalNlbVNRanZSTmJpT0lNQ2xRY01hclJM?=
 =?utf-8?B?RkNDZG0zZlpWNlhEaGNua1hVdWRJdStEYVNhQm9SUXVEdGlDaEgwSVRtSGJL?=
 =?utf-8?B?eElxVEZPU2JQampuVXk0RkgyU3k5SEVISjB2ZnN3cjJuZmJMbjB0NFZMM0t3?=
 =?utf-8?B?R3lkYzdrdkMwazdPZ2IyMTdHTWVpVjlSdVpsWEhCSG9qaGdhcXl1ZS8wR1p5?=
 =?utf-8?B?RkluUG1walBZQldMVldwNkU2NTBTYWpIMEx5c2JBT05mSm9mRnlySGpFSEZi?=
 =?utf-8?B?N1o3bFdRa3BiVXV4L3JKYUdNdHd5cVBKWTBNMmNmbCt4b1pwQXVwUTlYL3Yr?=
 =?utf-8?B?bDh6SDBleGxtdjZNdDQrQnVYWWZxK0hlblJkK081dlMyWGh6U2syMmRXWW41?=
 =?utf-8?Q?F7pP+aldrVa2dFO+/flD?=
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a5fa16c2-b106-4d7b-132c-08db93464c2c
X-MS-Exchange-CrossTenant-AuthSource: GV1P250MB0737.EURP250.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Aug 2023 10:50:34.0774 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3P250MB0152
Subject: Re: [FFmpeg-devel] [PATCH] libswresample: Prevent out of bounds.
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/GV1P250MB0737A7C62D29753617D1315C8F0BA@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

kobrineli:
> From: Eli Kobrin <kobrineli@ispras.ru>
> 
> We've been fuzzing torchvision with [sydr-fuzz](https://github.com/ispras/oss-sydr-fuzz)
> and found out of bounds error in ffmpeg project at audioconvert.c:51.
> To prevent error we need to insert corresponding check.
> 
> Signed-off-by: Eli Kobrin <kobrineli@ispras.ru>
> ---
>  libswresample/audioconvert.c | 7 ++++++-
>  1 file changed, 6 insertions(+), 1 deletion(-)
> 
> diff --git a/libswresample/audioconvert.c b/libswresample/audioconvert.c
> index 1d75ba1495..701f4808a0 100644
> --- a/libswresample/audioconvert.c
> +++ b/libswresample/audioconvert.c
> @@ -148,7 +148,12 @@ AudioConvert *swri_audio_convert_alloc(enum AVSampleFormat out_fmt,
>                                         int flags)
>  {
>      AudioConvert *ctx;
> -    conv_func_type *f = fmt_pair_to_conv_functions[av_get_packed_sample_fmt(out_fmt) + AV_SAMPLE_FMT_NB*av_get_packed_sample_fmt(in_fmt)];
> +
> +    size_t idx = av_get_packed_sample_fmt(out_fmt) + AV_SAMPLE_FMT_NB * av_get_packed_sample_fmt(in_fmt);
> +    if (idx >= AV_SAMPLE_FMT_NB * AV_SAMPLE_FMT_NB)
> +        return NULL;
> +
> +    conv_func_type *f = fmt_pair_to_conv_functions[idx];
>  
>      if (!f)
>          return NULL;

Something seems to be using an invalid sample format (either out_fmt or
in_fmt). You should investigate where this comes from.
(Given that this is a public function, we should probably validate user
input; and maybe stop using AV_SAMPLE_FMT_NB altogether.)

- Andreas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".