From: James Almer <jamrial@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH] fftools/ffmpeg: avoid possible invalid reads with short -tag values
Date: Fri, 14 Apr 2023 15:56:51 -0300
Message-ID: <c0e9b8fe-0518-12c1-db8f-13a140377507@gmail.com> (raw)
In-Reply-To: <26cc8e9a-5561-7cf3-50bb-f85c3f428c60@gmail.com>
On 4/13/2023 11:14 AM, James Almer wrote:
> On 4/13/2023 10:59 AM, Anton Khirnov wrote:
>> Fixes #10319.
Should also fix #10309 i think.
>> ---
>> fftools/ffmpeg_demux.c | 8 ++++++--
>> fftools/ffmpeg_mux_init.c | 7 +++++--
>> 2 files changed, 11 insertions(+), 4 deletions(-)
>>
>> diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c
>> index b9849d1669..d89e28b9f6 100644
>> --- a/fftools/ffmpeg_demux.c
>> +++ b/fftools/ffmpeg_demux.c
>> @@ -736,8 +736,12 @@ static void add_input_streams(const
>> OptionsContext *o, Demuxer *d)
>> MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st);
>> if (codec_tag) {
>> uint32_t tag = strtol(codec_tag, &next, 0);
>> - if (*next)
>> - tag = AV_RL32(codec_tag);
>> + if (*next) {
>> + uint8_t buf[4] = { 0 };
>> + memcpy(buf, codec_tag, FFMIN(sizeof(buf),
>> strlen(codec_tag)));
>> + tag = AV_RL32(buf);
>> + }
>> +
>> st->codecpar->codec_tag = tag;
>> }
>> diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
>> index 62e5643a04..aab423464c 100644
>> --- a/fftools/ffmpeg_mux_init.c
>> +++ b/fftools/ffmpeg_mux_init.c
>> @@ -610,8 +610,11 @@ static OutputStream *new_output_stream(Muxer
>> *mux, const OptionsContext *o,
>> MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st);
>> if (codec_tag) {
>> uint32_t tag = strtol(codec_tag, &next, 0);
>> - if (*next)
>> - tag = AV_RL32(codec_tag);
>> + if (*next) {
>> + uint8_t buf[4] = { 0 };
>> + memcpy(buf, codec_tag, FFMIN(sizeof(buf),
>> strlen(codec_tag)));
>> + tag = AV_RL32(buf);
>> + }
>> ost->st->codecpar->codec_tag = tag;
>> if (ost->enc_ctx)
>> ost->enc_ctx->codec_tag = tag;
>
> LGTM.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
prev parent reply other threads:[~2023-04-14 18:57 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-13 13:59 Anton Khirnov
2023-04-13 14:14 ` James Almer
2023-04-14 18:56 ` James Almer [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c0e9b8fe-0518-12c1-db8f-13a140377507@gmail.com \
--to=jamrial@gmail.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git