From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 7F2F446C76 for ; Thu, 6 Jul 2023 21:07:36 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 5ABC568C763; Fri, 7 Jul 2023 00:07:34 +0300 (EEST) Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04olkn2089.outbound.protection.outlook.com [40.92.75.89]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 26A6C68BF58 for ; Fri, 7 Jul 2023 00:07:28 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VOvbBi5T8UBR1QKz7OhLiVPTlQco9r4MPIi//aGa2axhgTLV6/iY+UcDkjYBC8rINFN3+CFzqG6pIoFmKDdoq6i9esu6CC9kwjaV89Nt4boi0pAOJOeWDPJ/eJOp//lDpiL/zS240bTCn4vqQciCb7d/g2i7kAQwfjvwnJ8RcGPVX8rYaZ7DsuOmPa3mgTjfOcOlYZ7oZpa7RAQ/vl46hVAr3un8FYrG2YYfPzdxpH0ooumW343mHbBJhltsAl8ZTqQL8hEHPxX0xMAdfqwjoWNFM2rFcJu2j/4Gz/gEo00IEfQlm5iBKEPwBoLDb6ktY8frPzTKAfbrhLDKFf86eg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=FC+d9oyToBSI1XTebsj7SQCNnHZS4szMD6iSdFzPM3M=; b=dBKgsPd/xyK8iwCTmajLlzOgxx/lGGCEn5qNfqOkWVfRQr1Ko6ZM8CdRg5t5hLKN7rJEQhtBHpudBlqKOQIcPLWweXE4DspabU448IoCaDfcUgE1QPtpUYYpH4gEosKGHvJj3gdLW3iRuYbXF2rV/w+3WQ7e4ADGx4QMdsY1EaMucYJjJ5Nv423H8wIEsgRf/EXda4QhFeJK8pbS7GQnlxVdK0vlnVom7uymiXOI966ZM3VNJPpsLiGtkwRoDEIx6lXgTVwuV8PAhZG7hbxBf0YPBrcYYRPYDV/5GwpKdUuf5y9JPgdpgWZDB0nVb0G7NAw8gGX8401zdwC8ukqg3g== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=FC+d9oyToBSI1XTebsj7SQCNnHZS4szMD6iSdFzPM3M=; b=rfpRyddrfe/2dNhSTkAW/bP4c8qxCo1K3vJw4sGq693kTSJPZM4lu6jJ2R3+4wjxPcRpaGBc6KMUVSGnB0Paa+71zem4FgiB9DtFoFq1eFvBVdeslsRyHbxn6pouaJPpMCu38paIqPTB5nVH58NV8mkyUBOo+4eggC4SkiWV79vEo76yfewDEmtnnF7Fn/wHwLsPgO695c26eRziEp/9+2mxA9w4JUU6OhZ+UyZwggMy1BjlNcvRKL2Nf+KhxTz/qPt0tkzdihOmbVy+hAwlaIhkYA/Xzw3p43T03loF1S94T8WvGnOTpfenjZgoxYwpyKXGg5AWoxgCd6pIt69iSA== Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17) by AM8P250MB0376.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:32b::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6565.25; Thu, 6 Jul 2023 21:07:26 +0000 Received: from GV1P250MB0737.EURP250.PROD.OUTLOOK.COM ([fe80::8f13:2ef8:4559:907]) by GV1P250MB0737.EURP250.PROD.OUTLOOK.COM ([fe80::8f13:2ef8:4559:907%6]) with mapi id 15.20.6565.016; Thu, 6 Jul 2023 21:07:26 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Thu, 6 Jul 2023 23:08:28 +0200 Message-ID: X-Mailer: git-send-email 2.34.1 In-Reply-To: References: X-TMN: [Uo9jSThSxi4G8A5mUIEAgiLO2Dz3HYaU] X-ClientProxiedBy: ZR2P278CA0074.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:52::8) To GV1P250MB0737.EURP250.PROD.OUTLOOK.COM (2603:10a6:150:8e::17) X-Microsoft-Original-Message-ID: <20230706210829.2162011-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: GV1P250MB0737:EE_|AM8P250MB0376:EE_ X-MS-Office365-Filtering-Correlation-Id: bee314fd-55be-4b59-dadd-08db7e65003c X-MS-Exchange-SLBlob-MailProps: Vs63Iqe4sQndKyqL8642oGsqqqxrclgckbU5QCGR/p+KT8LimJRUszYl7YKjqnpKUL6qVcSiLyM6dfKNmMmdUkKpbYhPSy32gqBiXzbrGrJDfPOZP/V1zi+TpSNmqbxtL9hyWwy/Uap3L8qOY5Cw8qjf0Y0poc2PYHKscbKCwq1VXC+jKSsXe2l8QdnkbJsvZTVCFWCtpKrwWK7SeNv+gNj7WODz0etNo9/agc/iIJTvGsD/iePV94JkrS2BILXJdid94rPEH6564uO3CRqx2Hob6REzJsDwUQQfDwGPdsFsEoDz4UBbZoVXftXNbPC/Qb4YaHhdIn9sBu/P+i/SuNArz7PRjSSvGpQ10DJfORep+VkwZOKAMnqQikuUO7vTr8Q54hTQV9uJHLjSzJMb+2YpMYHm/MM+4ClCPjgPtuGu/BgxETF3yR+eljyc+/t/ys9I67DayVg50Vre+R0xs4dX63R92x+XRy9mt6IgrZ57kYPo7K1L0YGhI+rxjrvaoN5zyEFVQazLWE/lqykbJtliLQYCW3zDYrUyo0rR/a0EnTR0bMVhrCAvQb8xyqi1yENT812bS71VKqF0NOqVkd690dzjBKklTmOboBGHr+PF5Pp9ftlbMyMT0K+4wbdnKKY3rJ9L8sCjFMSj4f+4yq/hVpyEPJKGEBHBmzJVBMndBB7Hap4j0Rwn6PvCfilA+Rbi8xqlAqg92Gua/rIMDW15YOysaWkkwR0QYt3hE4E= X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: CVN/e1QbJXoiapchgg6JL2JYuJX9lh839vo4i1+BATALNc37alIW0wOZxCRvSFiM8KpI2Bg9Rs/E+hwWgJmCmG+DXfYsJ7Tg67M0oeQxZSnrucTNf0xCYVdAUbjYFk330JCpepmoChmBcrLU8EkPCcpNPqXbX7Q8ExnQhfdMPK7l4LNJUVl/9JOPThjOZrMRxfWsxpfhL3jYNGjazxuQ1GBskrpH6ALk98xbq0xEDXPkYrQkeKg59c3byPtRgfOZeZP1qS9QBxzgtIwlS3V2LyTYdQAxnv9dv9WoEy7gM1/Haqbi4lNfJH6WbYZ3SJMOgna301Y3QD4kSpwkX3BL2UeFmXrdWQe99Xw/pyFIvZXBD+IUUV4iAnvCFvGmwUFW/akiHvQiLpkDHQavN84Lqab3BU6E9WZ2AMtCLtwdwR6nNWrEYCKQXHiFAh8GVrnlLCRxb5dywWGdjMbEOXnI92iL7R7hhmSMVrVKMqY0bxmcxtTLetT5tVwanN2zHqCHd+9WQWuBz7DZdClR+FIb197MTv8yiJpcekBJHux3/q3yUzqXbm6LA6KWslFbAr5MiSOJyxKF/JBzGJ/qr7u/R3YKtHAmIAnPrID4E5HH4/O/s77lERB2KUXWia0VySal X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?4ZA8yePU4hi+DS2h7iUyOr88zTwm76WXUfqP7POv1oQHI0gMOunXmBUUxO60?= =?us-ascii?Q?UAZ2oHzKj1IweEdGVXQER5k0ocf4J0ZToQZqEfTst67aX7F0oGK7Zl1tqDNN?= =?us-ascii?Q?SajAvjqiGD9+AByDo4BUaUbeCgLYKIQ6zGQNmZvHLZIdfN+LmXL+Uq71fO0m?= =?us-ascii?Q?LvAE15QLPCQ9Osjp65zqxsKn5KdjJ6Ph1SJf5ACOPW/OReoi8whKB/aNJ/+t?= =?us-ascii?Q?T/70X1sQJkPMh3oHiIu/6qe0luxN2kYoqoFbCIkIBwtGMjMuZlYV3tgFBor9?= =?us-ascii?Q?CLZdNKoK9tUMhRB2u/IPJo89DfMEQKmfc8Ug7w5JYT9Rt+wFQXqZZ8cbi4bC?= =?us-ascii?Q?6JljsuNUugdHckkDiOJvjjzwWQ1JWvIUSfbWGtxqhyl5j0qLCBplA7AKlJeJ?= =?us-ascii?Q?Yit88D8LEG3LSYR9yievtEjCh/XEQlzmQvwDlYPyN4RDsdwKFCKN4gduppif?= =?us-ascii?Q?5qTibdE9+t8F2bACRVHW72cAldeN278GuxTtMvoyGd1NEubE6dgmd8xsuOwG?= =?us-ascii?Q?r5pxAvc21bQYtwY7HzWJiRP+iVfCQeC1Mipm3sEQznAE94aCp0hu7Fj+jFQ6?= =?us-ascii?Q?c+aVzBlZvPCDyd/mXwEfVB1j+APZmKwKdtRO4ojYujIchn0XrEVTv2NgVl7E?= =?us-ascii?Q?cYi6eW2AWk1vQMtMp5pp5OunIFM0EwBdKVo7CwhJR7qEhQPajYG/4n6HrO9b?= =?us-ascii?Q?eCe4m+nF7naxcLJwdwMYFQqsoWem/XscZLaTqyESb6jsG/OxkKGN6QPrS29V?= =?us-ascii?Q?dX42Qy87OO/nc+hsASLlLPWrdlQkLlrwBviPDycM7gBloyxFOw+ud+EukcVu?= =?us-ascii?Q?eRh7o2h5nSebhnLjTxWZfyTnCOWP+jwfd0I/DCe7PjI3by7ipN1BORCIV94L?= =?us-ascii?Q?CjvX+KXmSNf4w/2xXAtl1fDe+eP0lOngL84CzGOt9Y2wJEMhC1VaUL0hObZW?= =?us-ascii?Q?PUgSKTqnNX7UwWG+gzS9m6R67RuJBnQKCQROnmo8dgTTqzwfHWbYZOxFM0ai?= =?us-ascii?Q?TOmbv/JOe3DgSGKYYiUo7RaT6V7o1pS0yEjB0Ya8lW//1TZ/fypuFKqL5Bm6?= =?us-ascii?Q?eoiquSZj5QqSZcuombQPZ9fXGB7YRfh0Fslxth8XGdU/ArMPYrjnBVyKTGAW?= =?us-ascii?Q?XAfkVELJ596FFXlsHCszRx9hxXvSUIen/Tx+JOQ3qUtiRBglzWUmVoyM2gD1?= =?us-ascii?Q?rGQOWoaQrbqXuxYLZR70jt0yYmeoQ4ZZ4FWxOP05oT+FKyA3hJZUNR6y/Z/a?= =?us-ascii?Q?KBXUhKfgR56n6CCN4ped?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: bee314fd-55be-4b59-dadd-08db7e65003c X-MS-Exchange-CrossTenant-AuthSource: GV1P250MB0737.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Jul 2023 21:07:26.6833 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P250MB0376 Subject: [FFmpeg-devel] [PATCH 2/3] avformat/evcdec: Check that enough data has been read X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Fixes potential use of uninitialized values in evc_read_nal_unit_length(). Signed-off-by: Andreas Rheinhardt --- libavformat/evcdec.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libavformat/evcdec.c b/libavformat/evcdec.c index 9886542311..0f464930f7 100644 --- a/libavformat/evcdec.c +++ b/libavformat/evcdec.c @@ -162,6 +162,8 @@ static int evc_read_packet(AVFormatContext *s, AVPacket *pkt) ret = avio_read(s->pb, buf, EVC_NALU_LENGTH_PREFIX_SIZE); if (ret < 0) return ret; + if (ret != EVC_NALU_LENGTH_PREFIX_SIZE) + return AVERROR_INVALIDDATA; nalu_size = evc_read_nal_unit_length(buf, EVC_NALU_LENGTH_PREFIX_SIZE); if (!nalu_size || nalu_size > INT_MAX) -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".