Date: Fri, 9 Jan 2026 03:11:31 +0100
To: FFmpeg development discussions and patches
References: <20260105003504.1895-1-monsterbat02@gmail.com> <20260105003504.1895-3-monsterbat02@gmail.com>
In-Reply-To: <20260105003504.1895-3-monsterbat02@gmail.com>
Reply-To: FFmpeg development discussions and patches
Subject: [FFmpeg-devel] Re: [PATCH] avcodec/qdm2: check packet size before bitstream initialization
From: Michael Niedermayer via ffmpeg-devel
Cc: Michael Niedermayer

Hi 0xBat

On Mon, Jan 05, 2026 at 01:35:02AM +0100, 0xBat via ffmpeg-devel wrote:
> Prevent integer overflow in init_get_bits by validating that packet size multiplied by 8 does not exceed INT_MAX.
>
> Signed-off-by: 0xBat
> --- > libavcodec/qdm2.c | 2 ++ > 1 file changed, 2 insertions(+) >=20 > diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c > index b2136c6824..2eb1f3be99 100644 > --- a/libavcodec/qdm2.c > +++ b/libavcodec/qdm2.c
> @@ -978,6 +978,8 @@ static int process_subpacket_9(QDM2Context *q, QDM2Su= bPNode *node) > GetBitContext gb; > int i, j, k, n, ch, run, level, diff; > =20 > + if (node->packet->size > INT_MAX / 8) > + return AVERROR_INVALIDDATA; > init_get_bits(&gb, node->packet->data, node->packet->size * 8);

init_get_bits8()

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are best at talking, realize last or never when they are wrong.
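
Review bot: The open-coded bound `if (node->packet->size > INT_MAX / 8)` added in process_subpacket_9 duplicates a check that init_get_bits8() already performs on a byte count, and the `init_get_bits(&gb, node->packet->data, node->packet->size * 8);` call that follows still discards its return value. Suggest dropping the two added lines, passing `node->packet->size` to init_get_bits8() as the reply proposes, and returning its result when it is negative, so the size validation and the multiplication by 8 stay in one place.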