From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTPS id B77984B8B0
	for <ffmpegdev@gitmailbox.com>; Sat, 25 Oct 2025 22:51:28 +0000 (UTC)
Authentication-Results: ffbox; dkim=fail (body hash mismatch (got 
   b'G/l30N9kKzW5Ee2wznfNab5Zg6znaFmQ9HhgVRkX1zE=', expected 
   b'nX2vi2eKNk+6guTRr6dBvhmA8FwWojCKiRugev5uBAU=')) 
   header.d=niedermayer.cc header.a=rsa-sha256
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org;
 i=@ffmpeg.org; q=dns/txt; s=mail; t=1761432680; h=date : to :
 message-id : references : mime-version : in-reply-to : reply-to :
 subject : list-id : list-archive : list-archive : list-help :
 list-owner : list-post : list-subscribe : list-unsubscribe : from : cc
 : content-type : from;
 bh=FlM2X9f1Q6HrE6iOO6kROxTxohc/ytEyBiPBzZGF+h0=;
 b=YM4TT76J+IF1eIqat+JiNPH9PUUEPPPmk7u+depsTV+vSzX5gNTWkvLP5bubEsxhK7Fy3
 hBxlQbHJPuxl326Jr50BTNf+WVxHmkKxCM4/51QvnJoOmnZBld/LZ/Xga4/XWJaZ+kgRFKu
 RjDNJKXPFpX+6Zamxkjo1PQTruZluGE4lPbkE/opawZAEP1tC56q3VOd6n5bg7NCZJasA7b
 ME2e9Zh58y9pZ2cbS2e7aRXhKYChZc2KGGn3IVwL7AMzCnAgNggBH8QgwK3SeP+pcSG2rsz
 Pky116JUNn8cyWDrZxTTiyDj3EN4UKCMpCJpzUDKov/J48gEQZU19oMM77mw==
Received: from [172.19.0.2] (unknown [172.19.0.2])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 8ED7D68F5F3;
	Sun, 26 Oct 2025 01:51:20 +0300 (EEST)
ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1761432662;
 b=YRE5NpQeRIqcauBnouOesiEzbUg6s7Fk+jmseBStItfaWZMzn8CApaeRqtr3UYa0a7/TQ
 9CggSjoLc+2+5lA2YPE7VLfcVNp1ISAnfrW4G33u+TSyFiQxSx32rLFktt65O4BP7rtmNom
 0XYAJcIiH6u6aMkOvLvno7W7K5PQnll0iYRTmvZq4ezvRqCn/62w6cbJXjx+aFRyP3wPlms
 Ijnhlr1vQ4uV2hjAwNR6+D4bdRemZSj1sWViJXXkRqxou/XdYFvE4y09fYRKmvl5d6X9UES
 FJQt0QSzfy6/gLns8mpxSHcTmcwJJA6G13CiAFl4WiVFlNLl6uC2gQa5vmXw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
 d=ffmpeg.org; s=arc; t=1761432662; h=from : sender : reply-to :
 subject : date : message-id : to : cc : mime-version : content-type :
 content-transfer-encoding : content-id : content-description :
 resent-date : resent-from : resent-sender : resent-to : resent-cc :
 resent-message-id : in-reply-to : references : list-id : list-help :
 list-unsubscribe : list-subscribe : list-post : list-owner :
 list-archive; bh=G/l30N9kKzW5Ee2wznfNab5Zg6znaFmQ9HhgVRkX1zE=;
 b=NXxmvQnyR1CnkuCxsMK0DMjbGv/zhZxBZDRDPxb+HWDb7AlNBU9B4PF76haYi2q1KMnTv
 /nlqq37L5hJU7owrJ7Eu9cGFp40T+MJisSjvgwqK9uzg4Y3KE39vqccViUY8NdeRINBJqQG
 P/C1nBRQxPuFRwd6THFNu+QWq6l6LOo4utnNgovNZA5S46a/TWo7gUiQqayEJTVfImKLBoD
 ld18NE5Alfn6bQzwXKRm7kVu/pO0crpl2GHoAueTbIuaHfX0aNAQGEAR97DthUIKJDVeOea
 +TtKJ+YM7a+wvp+Nf61KBCNsBjwTedCw+D1cO8XiPyHBC/LodY9kW1c3q9nw==
ARC-Authentication-Results: i=1; ffmpeg.org;
 dkim=pass header.d=niedermayer.cc;
 arc=none;
 dmarc=none
Authentication-Results: ffmpeg.org; dkim=pass header.d=niedermayer.cc;
 arc=none (Message is not ARC signed); dmarc=none
Received: from relay6-d.mail.gandi.net (relay6-d.mail.gandi.net
 [217.70.183.198])
	by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 0C12468F25D
	for <ffmpeg-devel@ffmpeg.org>; Sun, 26 Oct 2025 01:50:50 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id DBDB943244
	for <ffmpeg-devel@ffmpeg.org>; Sat, 25 Oct 2025 22:50:49 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
	s=gm1; t=1761432650;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=nX2vi2eKNk+6guTRr6dBvhmA8FwWojCKiRugev5uBAU=;
	b=awit5PE+x8dZ0h+38Bz4agQLPxvCFsmJntasOURb/5om8eW3T4Y9rKCRYw2riR/YQ1ki39
	kB/4rJyWZYmbhE+PNd199OEXDn9U/Yj29oCjlRmx5+eq78kG+U0JgHZlGVed3q7QwuBi0V
	jSn1wdvrfs2SMBJHDqwR/tLvzljYWo2K9eGxQtBvEfKS0Tu4LDOXiQlFYXwld8vmvOjuVt
	WDFgA3Ek+6Cx4HSWaJQdf9CPvdPT47fGZBz+SHw8xAlIl6C6hwOuo/emXEA1oXyBQchpU2
	gaCqiwgSXUB5UESZXFduiMXeOyOg3G3Oor10UATwIgfI6QHeSjIhRcK0Lm2UDw==
Date: Sun, 26 Oct 2025 00:50:48 +0200
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <aP1USITLYV29opl7@neo>
References: <176133193030.25.2306743551918367776@7d278768979e>
 <CABGuwEnzytRRoJSzjoNGsxNeJhkJiapk=vBVtaWmtAjiV=qN=g@mail.gmail.com>
MIME-Version: 1.0
In-Reply-To: 
 <CABGuwEnzytRRoJSzjoNGsxNeJhkJiapk=vBVtaWmtAjiV=qN=g@mail.gmail.com>
X-GND-Sasl: michael@niedermayer.cc
Message-ID-Hash: 6FPWR57HWIVYBXGEHHSK4FPE225I775D
X-Message-ID-Hash: 6FPWR57HWIVYBXGEHHSK4FPE225I775D
X-MailFrom: SRS0=nDLp=5C=niedermayer.cc=michael@ffmpeg.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; header-match-ffmpeg-devel.ffmpeg.org-0;
 header-match-ffmpeg-devel.ffmpeg.org-1;
 header-match-ffmpeg-devel.ffmpeg.org-2;
 header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: [FFmpeg-devel] Re: [PATCH] avformat/rtpenc_h264_hevc: Check space for
 nal_length_size in ff_rtp_send_h264_hevc() (PR #20746)
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
Archived-At: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/message/6FPWR57HWIVYBXGEHHSK4FPE225I775D/>
Archived-At: 
 <https://lists.ffmpeg.org/lore/ffmpeg-devel/aP1USITLYV29opl7@neo/>
List-Archive: 
 <https://lists.ffmpeg.org/archives/list/ffmpeg-devel@ffmpeg.org/>
List-Archive: <https://lists.ffmpeg.org/lore/ffmpeg-devel/>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Owner: <mailto:ffmpeg-devel-owner@ffmpeg.org>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Subscribe: <mailto:ffmpeg-devel-join@ffmpeg.org>
List-Unsubscribe: <mailto:ffmpeg-devel-leave@ffmpeg.org>
From: Michael Niedermayer via ffmpeg-devel <ffmpeg-devel@ffmpeg.org>
Cc: Michael Niedermayer <michael@niedermayer.cc>
Content-Type: multipart/mixed; boundary="===============3426943211830212268=="
Archived-At: <https://master.gitmailbox.com/ffmpegdev/aP1USITLYV29opl7@neo/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============3426943211830212268==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="HxZCTEP2Nqm5zEjZ"
Content-Disposition: inline


--HxZCTEP2Nqm5zEjZ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Oct 24, 2025 at 06:03:26PM -0400, Kieran Kunhya via ffmpeg-devel wr=
ote:
> On Fri, 24 Oct 2025, 14:52 michaelni via ffmpeg-devel, <
> ffmpeg-devel@ffmpeg.org> wrote:
>=20
> > PR #20746 opened by michaelni
> > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20746
> > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20746.patch
> >
> > Fixes: memcpy with negative size
> > Fixes: momo_trip-poc/input
> >
> > Reported-by: Momoko Shiraishi <shiraishi@os.is.s.u-tokyo.ac.jp>
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> >
> >
> > >From 3924caed9dd6345bcfa5ce09e9dbc8d5403a7525 Mon Sep 17 00:00:00 2001
> > From: Michael Niedermayer <michael@niedermayer.cc>
> > Date: Fri, 24 Oct 2025 20:29:23 +0200
> > Subject: [PATCH] avformat/rtpenc_h264_hevc: Check space for
> > nal_length_size in
> >  ff_rtp_send_h264_hevc()
> >
> > Fixes: memcpy with negative size
> > Fixes: momo_trip-poc/input
> >
> > Reported-by: Momoko Shiraishi <shiraishi@os.is.s.u-tokyo.ac.jp>
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavformat/rtpenc_h264_hevc.c | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > diff --git a/libavformat/rtpenc_h264_hevc.c
> > b/libavformat/rtpenc_h264_hevc.c
> > index 4d222dca75..ea19cb0627 100644
> > --- a/libavformat/rtpenc_h264_hevc.c
> > +++ b/libavformat/rtpenc_h264_hevc.c
> > @@ -196,6 +196,8 @@ void ff_rtp_send_h264_hevc(AVFormatContext *s1, con=
st
> > uint8_t *buf1, int size)
> >              r1 =3D ff_nal_mp4_find_startcode(r, end, s->nal_length_siz=
e);
> >              if (!r1)
> >                  r1 =3D end;
> > +            if (r1 - r < s->nal_length_size)
> > +                break;
> >              r +=3D s->nal_length_size;
> >          } else {
> >              while (!*(r++));
> > --
> > 2.49.1
> >
>=20
> Is this not a bug in ff_nal_mp4_find_startcode?
>=20
> If not, please add a comment as to the reason this condition happens.

added, not sure how usefull that is though.
Its simply that the last is truncated ff_nal_mp4_find_startcode() returns N=
ULL
which is turned into end and then theres just not enough space for nal_leng=
th_size

thx

[...]

--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

it is not once nor twice but times without number that the same ideas make
their appearance in the world. -- Aristotle

--HxZCTEP2Nqm5zEjZ
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCaP1URAAKCRBhHseHBAsP
q5q/AJsEbqBWIachCMxTUrOAcmlbQradbQCfVQDrBAnqjYtHPDfeUxDvHOpqrLY=
=WqCk
-----END PGP SIGNATURE-----

--HxZCTEP2Nqm5zEjZ--

--===============3426943211830212268==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org
To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org

--===============3426943211830212268==--