From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id E7B614DF2C for ; Thu, 8 Jan 2026 03:21:40 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'CE6ziV3NZvdNPQCBthJIj83hJoI3Y8wkntXcdOjQ0Yo=', expected b'yCmtUXeqtkndswz/9hYTnYdgwM2zopHuCZsSnngLBfQ=')) header.d=niedermayer.cc header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1767842489; h=date : to : message-id : references : mime-version : in-reply-to : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : from; bh=FPXnOByAlcSfd2CJoPZMzhcscAueGixeUjWiktGBVdI=; b=az3zQpOojBUSmcUaob5/tC0tX0sN0P9z6R5J7e/LAEHPtJjmhp8Kp9eOOwBE0ZhWG2NEB WflkNWjA1RteRGgnmcN7SiYyqkb7NmWCN1oZ3lTK1S4vLbudZ7v33hwZKzUlyyEjjXFx5hJ nUFHadfbOqkoAGwmTDuu7wH5PoExRrMxfDzeU2Wc1RdH6XGM8YRmQ40rWYB6MYeAVWMe2MN AX+devQTWElkWVQ5PhzNKHCO5wVJVAcucBbt8VvqWOcSB0s8ey1UTb0QEe03bQ+csD1uK8q 2gpMn2P57J1aHlExFscGWt+PWBiAt0OdCfdSd3K5DtxmyeXqorzJuc5A/vzw== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 92E46690DAB; Thu, 8 Jan 2026 05:21:29 +0200 (EET) ARC-Seal: i=1; cv=none; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1767842472; b=hPXRx8fD9HAWnBd5MWNcsILlggzWQ2tnZ/QcoPTIbAyJ9qZ6O3arguJID3szpL0JQ8JVs sEDRUIU3Njo1JRpaAclbI/GKc/Ysgk8IU8YCgPCW9fxpjsRe15W4nIytfa4OxBIhQkfYJEq RUsZmFF8ZKyxaCUnv4j/gIgPM096EZKf/1sirnF1KT8PClqT/RJzVfKpQGzj9ep+9XOxcld uMalzjk1CsVkHBNoOsJY4YA8IZ1p1yGX3V/xNXkWVN3ecix7dO7RrZ7rNovsLmZHo82KrhN 4HQyd5qsxi9fuYSJTG+AzOrjYH5xhf42Y42DRarioGJjLByrI79eG3KFd+ow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1767842472; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=CE6ziV3NZvdNPQCBthJIj83hJoI3Y8wkntXcdOjQ0Yo=; b=re4W+9dfTOku8XYhcqDOhAOj4NsXiXLYS2vjefucsGvydCUTwJmwV0jJ++hv3iom5g3Qm IdtQXuCC5UUO/tNZdAT8POBNsMw/AOInOpQM/FGkmja4rV+oJlDG/7c9zZhHFkNRZl4ch7H fNoP/3G/ykIvwq6EcWqrNqNkJeJOUuJ9/vp+2uqcWFmpu52XcA2DREhl0JYJe1uPqSuvb82 5Hh0PWjrG4nggnaEW4kuYo9iakCqUCiWMDxBsW3y5dkKvgifs7hINEcHfJ0BwUITIemOpvz 9vQV5F4yRs+2MJmA4y8Jm8PkI5BSy6hdWba8qfM+MYOi3HbcukzqfBD4zGGg== ARC-Authentication-Results: i=1; ffmpeg.org; dkim=pass header.d=niedermayer.cc; arc=none; dmarc=none Authentication-Results: ffmpeg.org; dkim=pass header.d=niedermayer.cc; arc=none (Message is not ARC signed); dmarc=none Received: from relay7-d.mail.gandi.net (relay7-d.mail.gandi.net [217.70.183.200]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 44B6F690D39 for ; Thu, 8 Jan 2026 05:20:58 +0200 (EET) Received: by mail.gandi.net (Postfix) with ESMTPSA id 717E443986 for ; Thu, 8 Jan 2026 03:20:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1767842457; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=yCmtUXeqtkndswz/9hYTnYdgwM2zopHuCZsSnngLBfQ=; b=nyZEqmEyUWCrV1cCZdrFKtYwxIcblzfLKnxS/gSiEqIqE44OQdpyvu2/qUB8s5cSZOCuJj C3eXCevMS/OiFtT0vnLv2Dan/0lWd2NRcnPyILJSdoVCojzqQEn0cHv3XyrNeId6NVZW8/ F0ItOBl56tujfmx3tElz9EIgc15Hwz8/xfNQHms5HagUv35zlQA0/A9QhLejisxxx/RztB ZduIyIYQvY+F5fECZOZ+IWHWXxx6RyNyAMy/eAnLXTfe2aeqcGjKA3T3VqeX/6q0tXNem5 ToN88kbpfrMN4Jr+YLZ9HPbgYV3HiC9pWvI1+V2jV3Uq6Qdd4WZ1jI495nPV5Q== Date: Thu, 8 Jan 2026 04:20:56 +0100 To: FFmpeg development discussions and patches Message-ID: References: <20260105003504.1895-1-monsterbat02@gmail.com> MIME-Version: 1.0 In-Reply-To: <20260105003504.1895-1-monsterbat02@gmail.com> X-GND-Sasl: michael@niedermayer.cc X-GND-State: clean X-GND-Score: -85 X-GND-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddutdegkeeiucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuifetpfffkfdpucggtfgfnhhsuhgsshgtrhhisggvnecuuegrihhlohhuthemuceftddunecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenfghrlhcuvffnffculdduhedmnecujfgurhepfffhvffukfhfgggtuggjsehgtderredttdejnecuhfhrohhmpefoihgthhgrvghlucfpihgvuggvrhhmrgihvghruceomhhitghhrggvlhesnhhivgguvghrmhgrhigvrhdrtggtqeenucggtffrrghtthgvrhhnpeelkeeggfffiedufeejueffjeduhedttdduledtheevveevtdeiueelhfdtuedtkeenucfkphepgedurdeiiedrieeirdehtdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvghtpeeguddrieeirdeiiedrhedtpdhhvghloheplhhotggrlhhhohhsthdpmhgrihhlfhhrohhmpehmihgthhgrvghlsehnihgvuggvrhhmrgihvghrrdgttgdpqhhiugepjedujefggeegfeelkeeipdhmohguvgepshhmthhpohhuthdpnhgspghrtghpthhtohepuddprhgtphhtthhopehffhhmphgvghdquggvvhgvlhesfhhfmhhpvghgrdhorhhg Message-ID-Hash: JS7YCMJQVWU2CEB7IGPXLJJBYQJCLOT7 X-Message-ID-Hash: JS7YCMJQVWU2CEB7IGPXLJJBYQJCLOT7 X-MailFrom: SRS0=puFR=7N=niedermayer.cc=michael@ffmpeg.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] Re: [PATCH] avcodec/dxv: fix index validation against texture size List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Michael Niedermayer via ffmpeg-devel Cc: Michael Niedermayer Content-Type: multipart/mixed; boundary="===============2244230459652732159==" Archived-At: List-Archive: List-Post: --===============2244230459652732159== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RzjPlGSOyf2D2Q85" Content-Disposition: inline --RzjPlGSOyf2D2Q85 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi 0xBat On Mon, Jan 05, 2026 at 01:35:00AM +0100, 0xBat via ffmpeg-devel wrote: > Validate the calculated index against both the current position and the t= otal texture size to prevent out-of-bounds memory access. >=20 > Signed-off-by: 0xBat > --- > libavcodec/dxv.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c > index 07eee253e7..8d11dfe1a1 100644 > --- a/libavcodec/dxv.c > +++ b/libavcodec/dxv.c > @@ -72,8 +72,8 @@ typedef struct DXVContext { > idx =3D x; = \ > break; = \ > case 2: = \ > - idx =3D (bytestream2_get_byte(gbc) + 2) * x; = \ > - if (idx > pos) { = \ > + idx =3D (bytestream2_get_byte(gbc) + 2) * x; > + if (idx > pos || idx > ctx->tex_size) { = \ > av_log(avctx, AV_LOG_ERROR, "idx %d > %d\n", idx, pos); = \ this is a syntax error, that macro doesnt build src/libavcodec/dxv.c:76:13: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98if=E2=80=99 76 | if (idx > pos || idx > ctx->tex_size) { = \ | ^~ src/libavcodec/dxv.c:80:13: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98break=E2=80=99 80 | break; = \ | ^~~~~ src/libavcodec/dxv.c:81:9: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98case=E2=80=99 81 | case 3: = \ | ^~~~ src/libavcodec/dxv.c:83:13: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98if=E2=80=99 83 | if (idx > pos) { = \ | ^~ src/libavcodec/dxv.c:87:13: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98break=E2=80=99 87 | break; = \ | ^~~~~ src/libavcodec/dxv.c:88:9: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98}=E2=80=99 token 88 | } = \ | ^ src/libavcodec/dxv.c:89:5: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98}=E2=80=99 token 89 | } while(0) | ^ src/libavcodec/dxv.c:89:7: error: expected identifier or =E2=80=98(=E2=80= =99 before =E2=80=98while=E2=80=99 89 | } while(0) | ^~~~~ make: *** [src/ffbuild/common.mak:90: libavcodec/dxv.o] Error 1 [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Awnsering whenever a program halts or runs forever is On a turing machine, in general impossible (turings halting problem). On any real computer, always possible as a real computer has a finite number of states N, and will either halt in less than N cycles or never halt. --RzjPlGSOyf2D2Q85 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCaV8ilAAKCRBhHseHBAsP qwMsAJ4kSjE6lRFQvZTWSsh+DDnKU/WG1QCeN5gtlUIRYdzXsh/8uHbFjyoqyEU= =8bTB -----END PGP SIGNATURE----- --RzjPlGSOyf2D2Q85-- --===============2244230459652732159== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org --===============2244230459652732159==--