From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 877CF49C43
	for <ffmpegdev@gitmailbox.com>; Thu,  4 Apr 2024 16:40:58 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id AC5F668D0D9;
	Thu,  4 Apr 2024 19:40:56 +0300 (EEST)
Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com
 [209.85.218.53])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C785468CCFE
 for <ffmpeg-devel@ffmpeg.org>; Thu,  4 Apr 2024 19:40:49 +0300 (EEST)
Received: by mail-ej1-f53.google.com with SMTP id
 a640c23a62f3a-a4e62f3e63dso157743766b.0
 for <ffmpeg-devel@ffmpeg.org>; Thu, 04 Apr 2024 09:40:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1712248848; x=1712853648; darn=ffmpeg.org;
 h=user-agent:in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:to:from:date:from:to:cc:subject
 :date:message-id:reply-to;
 bh=E3kh6z7adt5caVKSC0Tp5aCjf1YIcot+YyysXLUGEY4=;
 b=jXUhnZlD6PBNbXHp0Rm8L56Wqe8arrbUcWR7NFCQnmIGiMrNLAgKFPYUbpj5CMpchU
 1495UyFiHjvHYLrIpPzOiEwSjVXXGzeqcYHGz6AJd3uQpJGJv4jY8vI1RE3pTs3X/Jux
 APGFL+lOjy5GJHM4TJaY0mWhoEbbvCRQf4CDO6Q1heNdZQVFXI22o5ZhfmENvE6ou5HU
 /1FaJJBpKB/HaZWiblzoZBu4TdDSFzOosdKDaTQrRzAj2skuuXhMMbMFPi9mTl/jKKf6
 0n0nqQfxfSEZQTJOrcWQcrE9qJ23ox1tD4jxjQbANyjB254AePPWZFcph8W+0WKJAz8k
 qoFA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1712248848; x=1712853648;
 h=user-agent:in-reply-to:content-disposition:mime-version:references
 :mail-followup-to:message-id:subject:to:from:date:x-gm-message-state
 :from:to:cc:subject:date:message-id:reply-to;
 bh=E3kh6z7adt5caVKSC0Tp5aCjf1YIcot+YyysXLUGEY4=;
 b=ltaxzdS7dvtk/Dybgk2pSqcd5uzzooequV7ynptHWMblpKhExSfk0zXn123BcDpVXT
 ru/06JoUsut++DeJGqVhzLczC8ykJzC3WRr8jiCVZEgFtqf/WW+O0XeKUHJNrTVmxvs6
 XH4KZ0L1qpBZSP/k7uhFD1GitTo0qdC00EGK6SWvsNxELezr4gkmrE16XGXMS4JZmdOF
 49DCx7gSMe7Wk7/UnSEQVSB7VuLOVxUOk/jYIT/MUYopM4LRCDa1Ckch7vgt3W0nD7BB
 2Qu1foVcmcvprh1mJYou7qTihtNAmDcXLfx11BYm23j2pyPPD8CVRB1fIjCsp+sol1CJ
 P7EA==
X-Gm-Message-State: AOJu0Yx7J2tOTGfgYL1T69Brh8V0YNh1ukNRQAqFSdRgMUrUftYrJiWP
 GtzFDCXYO8sSJckqiCRtQ492fzBr+kDb5RynYcpPUqq7qE2ak+F1AcF4SPm/
X-Google-Smtp-Source: AGHT+IHRO1oq82OLFH/SUWKbw8liAFh1wJl7GK9OAvDJ/+0Okb8/56y9V7IOYRUuDQ4joQS6SxCRRw==
X-Received: by 2002:a17:907:7292:b0:a51:98c5:eb52 with SMTP id
 dt18-20020a170907729200b00a5198c5eb52mr218870ejc.11.1712248848063; 
 Thu, 04 Apr 2024 09:40:48 -0700 (PDT)
Received: from mariano (host-79-42-51-175.retail.telecomitalia.it.
 [79.42.51.175]) by smtp.gmail.com with ESMTPSA id
 t25-20020a170906269900b00a4c9b39b726sm9241954ejc.75.2024.04.04.09.40.47
 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 04 Apr 2024 09:40:47 -0700 (PDT)
Received: by mariano (Postfix, from userid 1000)
 id 49AEEBFCE8; Thu,  4 Apr 2024 18:40:46 +0200 (CEST)
Date: Thu, 4 Apr 2024 18:40:46 +0200
From: Stefano Sabatini <stefasab@gmail.com>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <Zg7YDiPa3FxB01Tc@mariano>
Mail-Followup-To: FFmpeg development discussions and patches
 <ffmpeg-devel@ffmpeg.org>
References: <20240404162936.4581-1-jamrial@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20240404162936.4581-1-jamrial@gmail.com>
User-Agent: Mutt/2.1.4 (2021-12-11)
Subject: Re: [FFmpeg-devel] [PATCH 1/2] avcodec/liblc3dec: sanitize channel
 count in avctx
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/Zg7YDiPa3FxB01Tc@mariano/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

On date Thursday 2024-04-04 13:29:35 -0300, James Almer wrote:
> Should prevent out of array accesses.
> 
> Signed-off-by: James Almer <jamrial@gmail.com>
> ---
>  libavcodec/liblc3dec.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavcodec/liblc3dec.c b/libavcodec/liblc3dec.c
> index c0a31bc91f..52364859d4 100644
> --- a/libavcodec/liblc3dec.c
> +++ b/libavcodec/liblc3dec.c
> @@ -46,6 +46,8 @@ static av_cold int liblc3_decode_init(AVCodecContext *avctx)
>  
>      if (avctx->extradata_size < 10)
>          return AVERROR_INVALIDDATA;

> +    if (channels < 0 || channels > DECODER_MAX_CHANNELS)
> +        return AVERROR_INVALIDDATA;

add a log:
av_log(avctx, AV_LOG_ERROR,
       "Invalid number of channels %d, max %d decoder channels are accepted\n",
       channels, DECODER_MAX_CHANNES);

>      liblc3->frame_us = AV_RL16(avctx->extradata + 0) * 10;
>      liblc3->srate_hz = avctx->sample_rate;

LGTM otherwise, thanks.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".