From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id F04FE4937F
	for <ffmpegdev@gitmailbox.com>; Thu,  8 Feb 2024 15:27:54 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id EDC0668D12E;
	Thu,  8 Feb 2024 17:27:51 +0200 (EET)
Received: from APC01-TYZ-obe.outbound.protection.outlook.com
 (mail-tyzapc01olkn2104.outbound.protection.outlook.com [40.92.107.104])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 152E468C338
 for <ffmpeg-devel@ffmpeg.org>; Thu,  8 Feb 2024 17:27:45 +0200 (EET)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=QW1lnTeWYzCR08/8qFYkxCyiqF6zrb/fnq25nU2Z+0WbEXLFjw4eaty9nmdSwCp6xwE5JIAHB3JuBdwUxG2i6GfZP0/FCPN3VV5CsEla5ROa1MQq/z1Llo3/6Sh32aBJ33qsAMlHhg7xq7ayDWiVBoRuXab7evNupoHhMUWK5iXdkTy0ltN9Ikwd4jfoJXW+bcLwTB0trDcSP0trlZonwP9Ux1rBu4xxPeCIx07TpgXp5x2gyDgI//1Nf5hvksm044AU/xib0+1iO4+g2w2+M/v3G174M2fZX6OIUM+/Iy89pFNes1pE35uPw8qTGW3eaaa5EtBG3pqRjoHBo3PiAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=OMfFHDxttik/ZJFPp14NXIahB3Wj4RwuPb9r9o1hkP4=;
 b=JjpgEQMOldEiVkKabwd9DplLjjmOgOHrBl56oo+fIM/D7cP7Yujn91KPXeJYGr5g9n4RtSn+iE01drillE8/rdCw9724Fl13/PNNy0qjkD+i7qvlubctY/WOQlpALvd2GaXiMUMO9cXkbAz+ckEp+uJxOxgpSb8pNwVf4GhUi62gwrfxD/aJSkRGIzK7g/nBRwy4SHA4ftRyKFuYgmOwigELiJZJff+dlAA53mv0TOTPz2ic/GSJTOgq1T1Vgo/+MeI37fp+d54L/N741Z6eQC7k9k1pLj1QMjsQ2j5UbwrGU4TWva2VPawKOS9iE+SbuZn91Hx9x/wSW4wZ+f59Jw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=OMfFHDxttik/ZJFPp14NXIahB3Wj4RwuPb9r9o1hkP4=;
 b=So8mvlvg185cPB/XjQX1qPu3oCPDl5hl+3lIx26bo0TWa2lxLhtgUjPivee9uZJ4+yYHNhgA7Cp0TvmEpOl8rEjsuFctlkCvcUhx8NLbCbEaL3ZxsbabCz2vTDbgl9YlHbfGgSR2pKlKIPl3Z5FTYR1pl9NvUQVbi8rJm40IkUwpObekEKocU44CXUVCnZnq5EmFszjNOJEiqYpMSEx7i+IVU/RSWsa0gp2KeK9hGJfqkYn0Y8DAyHjiX5krImV2tGts8JUD6xd45NyZ4tdgAsbk9QO6QXFBZbI5Rsjgo300NBlbx4xlX6Iiu3BmO95AcjoOV26mLem/o27EsfYSJA==
Received: from TYSPR06MB6433.apcprd06.prod.outlook.com (2603:1096:400:47a::6)
 by SI2PR06MB4154.apcprd06.prod.outlook.com (2603:1096:4:e9::13) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7249.39; Thu, 8 Feb
 2024 15:27:40 +0000
Received: from TYSPR06MB6433.apcprd06.prod.outlook.com
 ([fe80::e139:fd7a:1b66:a3f7]) by TYSPR06MB6433.apcprd06.prod.outlook.com
 ([fe80::e139:fd7a:1b66:a3f7%7]) with mapi id 15.20.7270.024; Thu, 8 Feb 2024
 15:27:39 +0000
From: Nuo Mi <nuomi2021@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Thu,  8 Feb 2024 23:27:09 +0800
Message-ID: <TYSPR06MB6433FAD9F3799D6F5277EE44AA442@TYSPR06MB6433.apcprd06.prod.outlook.com>
X-Mailer: git-send-email 2.25.1
X-TMN: [BFQXIi9bPPO14MbYbKb1dDkGWPv9hCwF]
X-ClientProxiedBy: TYCP301CA0038.JPNP301.PROD.OUTLOOK.COM
 (2603:1096:400:380::13) To TYSPR06MB6433.apcprd06.prod.outlook.com
 (2603:1096:400:47a::6)
X-Microsoft-Original-Message-ID: <20240208152709.5109-1-nuomi2021@gmail.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 2
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: TYSPR06MB6433:EE_|SI2PR06MB4154:EE_
X-MS-Office365-Filtering-Correlation-Id: c71ae034-3ed0-4909-ff52-08dc28ba7b41
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: svMbKLy66xozcpFblTSP5S2RFL5jrTCWwhGUrkT9QCqdYhf/alF3Xflk7FOVsTp8LgewB2kTfS5aCl8GDx4dN4L9ph7/exicgYzPd5NOXaTnPKafHE07d9GSMPqDjbkat9FWsfN59BcJj6IdLbZkuxKT+A+Q4/04ScOYiTsDtLC4xgA7ymtEnaTw7z8TTK7F7kLJZP2ddBxPoQxAGHm8vG7qs/AEY5J7qz8GfjLmRwf6R556GhsrFO6e/u6/cWja9mqYlyxHMqdi9jxV9zi/wpYThDkG/znP8yiI0CCZ9GVITAgaHSF0RKVGm8+y/3cbHBca6l9P8QI5kPtQAP3V+SGhu/aJiyOT8UgbXTFfCp9CuhvN9W8NOPBoI2TmDeGvxdajF8akIAzQHU1Pk2R2RpoJA1M5twrSH6tFCNfktbNPU4B3XYHQ/UaM9QzMvrY5Tyh0WbAj3zu9fGYQ89s5I40Vqf6JiOHJJPLxdple+VCud5t0ss6l+qGm9LoBu1Jp1HWD9iB8dACswXSFnKGtCv9UWCorpNPDr4wrPtlYA/4DIOh79Onl7xz5ldBJ1sf3+hBRTUMSKRbQuwR9vjcRcgiMYUV9TJkV5ZxfvbRmjrmMkdmrKdzgvZ8xjR5YjNWv
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?wjQvJx2tEoSsqU9BQIoB85FLmO7yom7Xg9tZvcuX33KuslIVYh18E9Xpjomx?=
 =?us-ascii?Q?ynV2gA1KIT9G/JwigWBkAbU2Xc9FQ+1qCFWphyYUHbcK5fF4ecC0e0gxriE0?=
 =?us-ascii?Q?kmzTHvjkKWx1zyYsaeeo3WvbwnjYSVRF15serAgs/1Oqm8cEFSVx5uVqX9v2?=
 =?us-ascii?Q?OE30MUy0lhnG/ItzwFdbWm9SY5W3r3mrIW/zY4QrjIwLXtrPyJuwFmnR8jnA?=
 =?us-ascii?Q?NtqJ4WBhTq1B8Y4Tivox3bVL2nl2BNdkEPVq11keIeuAjtH34iBACOUi2eh5?=
 =?us-ascii?Q?vuDKB4e87WIIg3MLewdofAKdBW5ktQIHBz45VG7ycl85s0yzdNhxoEmi2Kuf?=
 =?us-ascii?Q?YIvH8jJFfMkplRDfsPRSV9SunJeOcPAy76aQ0QUgPdJfuNbD/LWRtVwdvGeF?=
 =?us-ascii?Q?elhGcLV0Gb+OZNsOJ8n4ttfpJ49pSMAwLTBrgDc75WMvcV+euhXwFt1JzE3z?=
 =?us-ascii?Q?4ijHybNv5bT/4F5KBpMxZfcDvl0EmI8wWkYljzpxGUDgaO2ptVjVEYZXUsrr?=
 =?us-ascii?Q?fp76wgQcyVAO4fgJzTXzHFQtlaOh7rkg6YNIfOKUsVSkbyczTUoMeQfXmuib?=
 =?us-ascii?Q?/sSwr+pUQ1leV8EL1cSqXFEffsg8Wl7o2uz0O7gni0c1qib5ET5lpLeFFCYz?=
 =?us-ascii?Q?4DqDi3ihGsaHTe7yUsHn0pZQCuv9iwF6RYBXv606AkSX/av/s0L+in9knzmx?=
 =?us-ascii?Q?V9cIG4ehm+EOQpveKVVDKf+W3L2NUvTPf51Ko+zmzX8Zf/cGV+6rjwv4k3Hp?=
 =?us-ascii?Q?+BhvboaaCMAz3B3T6j+mdykP+TQV479gMMCkJQL/EGm8nRovs6t6bmsAg48u?=
 =?us-ascii?Q?Td9nKKzDdiakz4ufzG6n0WYE+mYTQW0MshsjZrc386DYQ82XmWPzOKbLkwHM?=
 =?us-ascii?Q?rpqg2cD1/JEfpWN7KK+jTw0wmvvPA7pwhjn51ukMajuSxhDVVCCRMoTVr30V?=
 =?us-ascii?Q?FeTxl8Umu6czvf+QWVbepQ0208cJsPit6pcvhaP0cQ319+Ga+LbjsS0BmOoU?=
 =?us-ascii?Q?Dgf3lv9me6G6c4XCcyeYtgFhGEnPFNGZ9Or5gPtSt1P/XRJMXzhM7LMShSf8?=
 =?us-ascii?Q?dd8YcVp8QFkbJP2yA2KYPe169MEeoZ3PHdASVlTdkIin8CQbcMhbCLpEDwRf?=
 =?us-ascii?Q?uR377VCO4lUdjAlJO0D7W2nVfS4uChbGdEVUNGxvaY2rnjfAr84sEFb9fhJe?=
 =?us-ascii?Q?cLCp28B1C6OTtYMhlHw2ytQdjcufKEiAXZYHwTEae0mzEKmfOn2VAzS/EFJI?=
 =?us-ascii?Q?4jGrYNara+6NTX6JPciK?=
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c71ae034-3ed0-4909-ff52-08dc28ba7b41
X-MS-Exchange-CrossTenant-AuthSource: TYSPR06MB6433.apcprd06.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Feb 2024 15:27:39.1013 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SI2PR06MB4154
Subject: [FFmpeg-devel] [PATCH] avcodec/vvc_mp4toannexb: check the return of
 bytestream2_get_buffer
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Michael Niedermayer <michael@niedermayer.cc>, Nuo Mi <nuomi2021@gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/TYSPR06MB6433FAD9F3799D6F5277EE44AA442@TYSPR06MB6433.apcprd06.prod.outlook.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Fixes: fuzzer timeout
Fixes: 65253/clusterfuzz-testcase-minimized-ffmpeg_BSF_VVC_MP4TOANNEXB_fuzzer-4972412487467008

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/bsf/vvc_mp4toannexb.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/libavcodec/bsf/vvc_mp4toannexb.c b/libavcodec/bsf/vvc_mp4toannexb.c
index 25c3726918..a15c1eef5b 100644
--- a/libavcodec/bsf/vvc_mp4toannexb.c
+++ b/libavcodec/bsf/vvc_mp4toannexb.c
@@ -168,8 +168,10 @@ static int vvc_extradata_to_annexb(AVBSFContext *ctx)
                 goto fail;
 
             AV_WB32(new_extradata + new_extradata_size, 1); // add the startcode
-            bytestream2_get_buffer(&gb, new_extradata + new_extradata_size + 4,
-                                   nalu_len);
+            if (bytestream2_get_buffer(&gb, new_extradata + new_extradata_size + 4, nalu_len) != nalu_len) {
+                ret = AVERROR_INVALIDDATA;
+                goto fail;
+            }
             new_extradata_size += 4 + nalu_len;
             memset(new_extradata + new_extradata_size, 0,
                    AV_INPUT_BUFFER_PADDING_SIZE);
@@ -298,8 +300,10 @@ static int vvc_mp4toannexb_filter(AVBSFContext *ctx, AVPacket *out)
         if (extra_size)
             memcpy(out->data + prev_size, ctx->par_out->extradata, extra_size);
         AV_WB32(out->data + prev_size + extra_size, 1);
-        bytestream2_get_buffer(&gb, out->data + prev_size + 4 + extra_size,
-                               nalu_size);
+        if (bytestream2_get_buffer(&gb, out->data + prev_size + 4 + extra_size, nalu_size) != nalu_size) {
+            ret = AVERROR_INVALIDDATA;
+            goto fail;
+        }
     }
 
     ret = av_packet_copy_props(out, in);
-- 
2.25.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".