From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 5A7C5493B6 for ; Fri, 9 Feb 2024 11:17:12 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 030C768D13D; Fri, 9 Feb 2024 13:17:08 +0200 (EET) Received: from APC01-PSA-obe.outbound.protection.outlook.com (mail-psaapc01olkn2022.outbound.protection.outlook.com [40.92.52.22]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C8A7B68D0F5 for ; Fri, 9 Feb 2024 13:17:00 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=gGhW4aLJQ33bOtpEKg/xorm87U3q3t+Ue90i+8JV8zVACSK+qeEpz9b34N99TKydymJXGUI/JRRUXKZEHGvbHhFJIanSSIAdrBn6LBiVFX6uyaa5vY03j8x06IZG1JnmVXfsjPg/J3dglfnJKEPDv1nafPcuRuCIt0rQPxFW3sSOT8cK8mAM7Wchhbct9zUH9ceN4I61mlIx93q+3DkmycH+X11VXK5MKh63MmRC64SRFgclqUR+FLuvDsckMouldJn2qiYY6U2c4PGjqfrJPJulza8bxq85uIfWucfbfhfVf37jr+PdwUk5c4cEFxLtINS4unV1TuCxKKVRW6+gYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/ly0u1OxvihW/vplxiYgZjCy96xynEGrXlJxU7DuNeE=; b=P9x5xL8v7YQ9XHjTZIzqCr5fTc1GgUVWztGjk4Sjw6YB6gNSJzRudui/2IB4/J4tu3jzJGDiMXJP6X7dfavqPpYAKAu2VXPZoEJ3uXto2VbrlrprNwsQllwz+rehCSTzGFKmiJ2bMA2z+eRadjQ2L/hsZK5z8ytkFHy3KnbXIv2L6HgobCXj7/Q7L6u7DfIyeUtl2gESXZRXDy2EgH9KGLTyLWyuM7MlAbzfxM9jkPtQw3AAkyXOC+qrTpsfUPNlb9IWcxN9x7GmhUKlQbDAgzVMI+Xa/w99cxopaEWHlPLVEfoqFAJIKMbWxdDrq3ow/kw7FPIqPj4u2E9j6VodKg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/ly0u1OxvihW/vplxiYgZjCy96xynEGrXlJxU7DuNeE=; b=FuWwpmhX6206dTdc6oxnv7LwjYErcDHnL2yymTLv47ulyZxdsKjDyi94tJM/5XzTe2SfU/xeHc0zvqk/w0F6B6fWJ+BaXRIccspYs2HPEmZVK0GNSPsMMaCTE74vI1cNDOyV4kdNTGBnPS+HsCNTCi+q12dASKOuXz52QQQ+7y9aj8LvncByyVvygEVpmsafYyG6lQOJYT8CeLd4AVCB6RrurHCtPs6p5wVlZqsc7UfayzVEdyFLEtFJ4F79jT9VROw4+1123JUmjSSF67X81Bsz9Q7z6Bdh/nYY4RCF42w6IIyUVfRhxOGpJjLgB2NTrE9zMsPVXAVg4INfUQohZQ== Received: from KL1PR06MB6426.apcprd06.prod.outlook.com (2603:1096:820:f7::5) by KL1PR06MB6944.apcprd06.prod.outlook.com (2603:1096:820:125::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.26; Fri, 9 Feb 2024 11:16:51 +0000 Received: from KL1PR06MB6426.apcprd06.prod.outlook.com ([fe80::3e72:c290:f9b2:7be4]) by KL1PR06MB6426.apcprd06.prod.outlook.com ([fe80::3e72:c290:f9b2:7be4%4]) with mapi id 15.20.7249.039; Fri, 9 Feb 2024 11:16:51 +0000 From: Nuo Mi To: ffmpeg-devel@ffmpeg.org Date: Fri, 9 Feb 2024 19:16:31 +0800 Message-ID: X-Mailer: git-send-email 2.25.1 In-Reply-To: <20240209111631.6026-1-nuomi2021@gmail.com> References: <20240209111631.6026-1-nuomi2021@gmail.com> X-TMN: [6Gb6tdDcOsIIGJfoq/u7h/PHjN1VP+ir] X-ClientProxiedBy: TY2PR06CA0017.apcprd06.prod.outlook.com (2603:1096:404:42::29) To KL1PR06MB6426.apcprd06.prod.outlook.com (2603:1096:820:f7::5) X-Microsoft-Original-Message-ID: <20240209111631.6026-2-nuomi2021@gmail.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 2 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: KL1PR06MB6426:EE_|KL1PR06MB6944:EE_ X-MS-Office365-Filtering-Correlation-Id: 3c0e23fe-cba5-40e3-4a95-08dc29609d0a X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: hVVJAF4YufDU2mtqRti5KTOa7F9CSIgQcH5JP7SwXVm3ZPRGTLn06FaGgTr6yC8tW4oXRizrLBL6uqJ4zGHZ/V5v7PfZqXNYDqPXxzI1FinmKPXrEZmxK8bhSJgR2lM6EO4btrGpGT8wGWNbJXTz7MEBR03KJberQidD9cgxMLkRfI2MwvUdGZqwZ1bXSCa9iQ1+0G634ms4uDFyD6geIWmpKgC+EiNb+9DLo/wuCbGav8oXEjW5xmTER6xfzzTPxrmxyeLFuICHcf28iT2ASHdNYiN38M50eC2WQSJt8uRdIpqm7pb/TYJzzmBu8ji/ezuyv3LFCvd+PX6+tINAx+HxBnfhtARyVJO/UMkbHqzB0CHQg8sb1DoovqWFRQl2ag2m4+SUZM2K0wPf3JgJ5fhldsbrPbuorlNH/Lz1aeG2EvdrvlkFBwlW11OOQZbXJ+YtVX9UB1z522/SQ8apxCdEAp8XaepE+V9lMIXyBtNu8CgHK85f+Xa9MjXhvW/NetebNFmHulaQ2TQvfbeSq/XuOLjKDh2KmvVaHMii2oaLwg/KNHX8M1L7yx5WEUwn33yDYtDMpYlAMDR/yus+jf2Aom+frUzkBGjQLr2+b0xb//TTA4Tek4GeTvvjVRBs X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?ciI6VewNRZLbngel7sUPuRtj1dL4ha6Rgscjnv4TjZC0z+8ECUPGqjaBRF9g?= =?us-ascii?Q?yPM8B6dXIcd1YfV9XHjO/JZ96LfTIjJc83wGqqqGvHPMQiqeTAxjtR/sYgpU?= =?us-ascii?Q?omZxVU1SD8EgcVumCn/ujwUqXY1qU3R+lBvGAAFg4LBAJsR3yx7VlBqDvLGZ?= =?us-ascii?Q?xXu2xY0u5P5KMMWkwjsuASExmfrUtPXfmMaDQFUIM/5KhTwFN+UMTLcar7CJ?= =?us-ascii?Q?J95236jMtRhGi+WMEiKTRkXEVHo/r+OxqzL9D1z99uACMMfqVIqoGCQWGO6H?= =?us-ascii?Q?U6lJnYQ4NXffCQR+cKyos29t2fdNtkPfeLm48h+K0k2CtqOy9zPPsBhKZVVM?= =?us-ascii?Q?VRZnpADUiMNXq3TAqveazJLU99JiWKPZ6X/7taB4uyJ6QPkzCN/SeLkHyt3w?= =?us-ascii?Q?iYa/dJB1fU/jd8tJGdYxJVPF9WlntDS59xUb/29jvqj9gAhjuZSFSvbvpNwZ?= =?us-ascii?Q?07dvTnSHMhDvckIyINhYpukBBBISeCZi+zhl6pwIFizjVDLUcenbTv0hzQsO?= =?us-ascii?Q?d66GeSXAj51UHCUUw0cIPY7KEfaRs5DVtUWoUnkCoRtWchB4LOqsuLcA0YOe?= =?us-ascii?Q?cm6CW6kfGZbVMwphgBuZ9vjDhfib9T/MJ1608Fm+y7kRETt78R3sivcz/ej5?= =?us-ascii?Q?7mbrGjKrQgxHigbjb9WA62sWt+oF+/T5x5t6kUe0JZ3TeB4AZQcE5Xplq5pA?= =?us-ascii?Q?z5MzD4iO2HlpNkiToGWirbdyinFZeMvCHBeN8mCfiw4ToAS8dCTJk4sPQWYW?= =?us-ascii?Q?QouprUzZmHkUXVMDD1NgatditJVlWnU0DiJlNv1+0WimahZOKi4r0WLMvcxL?= =?us-ascii?Q?DFaEEKgcptoFiu2I6FlWf5JYRyI8ZsdL/n8ubedtv5gLFE21CYk1Lkf8j2J9?= =?us-ascii?Q?kSSzYbG+4hP8sZyWJWKPQWuzBpfJ1E4va30rUs0tCkFt2ZuwSgGBYYsQrhbl?= =?us-ascii?Q?tpouiOalk316nmVlYsP823RHFfY1BAZUZDsZcgszWxdaha4vTSQ55DvxE1Pb?= =?us-ascii?Q?E4NTfc63po2JRO3r6yN0ooZgF0OjUqSy9KIUmFOMcvLPgdZsGG4ChDRJ2wrx?= =?us-ascii?Q?Wj3fLI8X+D1dcRnF04iQHoCp57V/jizv4VElMTi5zJqFa9KOyizyhnTmF3wD?= =?us-ascii?Q?ea3OG5uSaXa6orVvvZ48Oua1rSQZ1rGep0W6AFGjhyNbIkS34xxTChu0YUQw?= =?us-ascii?Q?wubv6OFtHJ0P3up024rzh8IuGuZCxxLsyo2HI4uPqjzaNydAs6gFd2tVCQd+?= =?us-ascii?Q?c9ABiqzqD/EOLjFMvPPuSeWYc5yb0Pn3JQCtnZaRnw=3D=3D?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3c0e23fe-cba5-40e3-4a95-08dc29609d0a X-MS-Exchange-CrossTenant-AuthSource: KL1PR06MB6426.apcprd06.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Feb 2024 11:16:51.0786 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR06MB6944 Subject: [FFmpeg-devel] [PATCH v2 2/2] avcodec/hevc_mp4toannexb: check bytes left for nalu_len X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Nuo Mi Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: similar issue as in the previous commit --- libavcodec/bsf/hevc_mp4toannexb.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/libavcodec/bsf/hevc_mp4toannexb.c b/libavcodec/bsf/hevc_mp4toannexb.c index d91229a895..8eec18f31e 100644 --- a/libavcodec/bsf/hevc_mp4toannexb.c +++ b/libavcodec/bsf/hevc_mp4toannexb.c @@ -65,9 +65,11 @@ static int hevc_extradata_to_annexb(AVBSFContext *ctx) } for (j = 0; j < cnt; j++) { - int nalu_len = bytestream2_get_be16(&gb); + const int nalu_len = bytestream2_get_be16(&gb); - if (4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > SIZE_MAX - new_extradata_size) { + if (!nalu_len || + nalu_len > bytestream2_get_bytes_left(&gb) || + 4 + AV_INPUT_BUFFER_PADDING_SIZE + nalu_len > SIZE_MAX - new_extradata_size) { ret = AVERROR_INVALIDDATA; goto fail; } -- 2.25.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".