From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 4E8FF45EA7 for ; Fri, 14 Apr 2023 18:57:04 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id ED1F668BEFD; Fri, 14 Apr 2023 21:57:01 +0300 (EEST) Received: from mail-ot1-f43.google.com (mail-ot1-f43.google.com [209.85.210.43]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A0E1668BEEB for ; Fri, 14 Apr 2023 21:56:55 +0300 (EEST) Received: by mail-ot1-f43.google.com with SMTP id w15-20020a056830410f00b006a386a0568dso16588356ott.4 for ; Fri, 14 Apr 2023 11:56:55 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681498613; x=1684090613; h=content-transfer-encoding:in-reply-to:references:to:from :content-language:subject:user-agent:mime-version:date:message-id :from:to:cc:subject:date:message-id:reply-to; bh=6K3L9BBA7hxd8tfTfw07sRagdRSn5gkUW0eQ5K6Q5Lw=; b=lrWlFaIncpsz1booQDupdGB8XpqGgZqcM/vRQ5IOPmFjW32NnhWNZf1P8O1Rk2dC+u LA0dY8/4d2SFPs8PoPBTru8MIdKochDtkER0rb3zkJyjns55zPvQdFsz9PujdUuCUKXT /XUNKgyl6k3QNfrGtGYHyVtX/MSInLK0Cu53YS9PVY6EK7FE7NyDy5Pz/LTfAxY/npd7 SylvQ0OYPwu1keLfdYMY2iU1y/1tn8Xs/jPOvqTXKtd72e64Ebpj78WSGouEur2ea1tM VevcnOdo5LfIcLsdwjeu90NTmhv5KpjQMIV5xAnju5othoppksEqY8Xt2mvEsq8Jukly 7kEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681498613; x=1684090613; h=content-transfer-encoding:in-reply-to:references:to:from :content-language:subject:user-agent:mime-version:date:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=6K3L9BBA7hxd8tfTfw07sRagdRSn5gkUW0eQ5K6Q5Lw=; b=HwrVoXT/zUR3U5Wq2wtSGtFUsSSkSBvDvCh4NazyHvgWoPjdOUsYGhbdRWWm6trTRF zYmHauxxi4qeDjIrVCy6mgwD9oqt76qGkKvorxY7kp4cT4WOJr6LHPr4KiX1DGE/f+bK u3eMPXMnjpDMOmZ6wmuoCw/OV9fVOALGDTrSqKHFBtyMH+7UoMZ7bU1mUYz1HxI0PSyX R2PsCI556G+vsZjxBgHEWvWNcfN9/5btPQDqzYSNkJepUYOj69f2i+JW4Vxk4kw/01N7 pDU5/T2p7q0wxdUf4Iknh7Dpj0f0IykAtXuSYxjmdSQq2UeCcMLNdgw4KNqAlK+pJZVN 7RMA== X-Gm-Message-State: AAQBX9fDVf8gbP7l6LyrYXxkRdwkYDbNZuTWGztXTbb3kI3GRFgd0XZ3 Ph32qJQF6AJGu50JuQ2upXbS5jApxyk= X-Google-Smtp-Source: AKy350ZLeiNjE2AzeyCwtjhjD69pOnNDTy/AUop5Ok0kA53wIy1fUq39Gf5IyPkhKhRTU9y4WsFXPA== X-Received: by 2002:a9d:7306:0:b0:684:e788:eca9 with SMTP id e6-20020a9d7306000000b00684e788eca9mr3476133otk.17.1681498613525; Fri, 14 Apr 2023 11:56:53 -0700 (PDT) Received: from [192.168.0.15] (host197.190-225-105.telecom.net.ar. [190.225.105.197]) by smtp.gmail.com with ESMTPSA id q22-20020a056830019600b0069d602841e7sm1941630ota.72.2023.04.14.11.56.52 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 14 Apr 2023 11:56:53 -0700 (PDT) Message-ID: Date: Fri, 14 Apr 2023 15:56:51 -0300 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0 Content-Language: en-US From: James Almer To: ffmpeg-devel@ffmpeg.org References: <20230413135954.26658-1-anton@khirnov.net> <26cc8e9a-5561-7cf3-50bb-f85c3f428c60@gmail.com> In-Reply-To: <26cc8e9a-5561-7cf3-50bb-f85c3f428c60@gmail.com> Subject: Re: [FFmpeg-devel] [PATCH] fftools/ffmpeg: avoid possible invalid reads with short -tag values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Transfer-Encoding: base64 Content-Type: text/plain; charset="utf-8"; Format="flowed" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: T24gNC8xMy8yMDIzIDExOjE0IEFNLCBKYW1lcyBBbG1lciB3cm90ZToKPiBPbiA0LzEzLzIwMjMg MTA6NTkgQU0sIEFudG9uIEtoaXJub3Ygd3JvdGU6Cj4+IEZpeGVzICMxMDMxOS4KClNob3VsZCBh bHNvIGZpeCAjMTAzMDkgaSB0aGluay4KCj4+IC0tLQo+PiDCoCBmZnRvb2xzL2ZmbXBlZ19kZW11 eC5jwqDCoMKgIHwgOCArKysrKystLQo+PiDCoCBmZnRvb2xzL2ZmbXBlZ19tdXhfaW5pdC5jIHwg NyArKysrKy0tCj4+IMKgIDIgZmlsZXMgY2hhbmdlZCwgMTEgaW5zZXJ0aW9ucygrKSwgNCBkZWxl dGlvbnMoLSkKPj4KPj4gZGlmZiAtLWdpdCBhL2ZmdG9vbHMvZmZtcGVnX2RlbXV4LmMgYi9mZnRv b2xzL2ZmbXBlZ19kZW11eC5jCj4+IGluZGV4IGI5ODQ5ZDE2NjkuLmQ4OWUyOGI5ZjYgMTAwNjQ0 Cj4+IC0tLSBhL2ZmdG9vbHMvZmZtcGVnX2RlbXV4LmMKPj4gKysrIGIvZmZ0b29scy9mZm1wZWdf ZGVtdXguYwo+PiBAQCAtNzM2LDggKzczNiwxMiBAQCBzdGF0aWMgdm9pZCBhZGRfaW5wdXRfc3Ry ZWFtcyhjb25zdCAKPj4gT3B0aW9uc0NvbnRleHQgKm8sIERlbXV4ZXIgKmQpCj4+IMKgwqDCoMKg wqDCoMKgwqDCoCBNQVRDSF9QRVJfU1RSRUFNX09QVChjb2RlY190YWdzLCBzdHIsIGNvZGVjX3Rh ZywgaWMsIHN0KTsKPj4gwqDCoMKgwqDCoMKgwqDCoMKgIGlmIChjb2RlY190YWcpIHsKPj4gwqDC oMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgdWludDMyX3QgdGFnID0gc3RydG9sKGNvZGVjX3RhZywg Jm5leHQsIDApOwo+PiAtwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBpZiAoKm5leHQpCj4+IC3CoMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqAgdGFnID0gQVZfUkwzMihjb2RlY190YWcpOwo+PiAr wqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBpZiAoKm5leHQpIHsKPj4gK8KgwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoCB1aW50OF90IGJ1Zls0XSA9IHsgMCB9Owo+PiArwqDCoMKgwqDCoMKgwqDC oMKgwqDCoMKgwqDCoMKgIG1lbWNweShidWYsIGNvZGVjX3RhZywgRkZNSU4oc2l6ZW9mKGJ1Ziks IAo+PiBzdHJsZW4oY29kZWNfdGFnKSkpOwo+PiArwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDC oMKgIHRhZyA9IEFWX1JMMzIoYnVmKTsKPj4gK8KgwqDCoMKgwqDCoMKgwqDCoMKgwqAgfQo+PiAr Cj4+IMKgwqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIHN0LT5jb2RlY3Bhci0+Y29kZWNfdGFnID0g dGFnOwo+PiDCoMKgwqDCoMKgwqDCoMKgwqAgfQo+PiBkaWZmIC0tZ2l0IGEvZmZ0b29scy9mZm1w ZWdfbXV4X2luaXQuYyBiL2ZmdG9vbHMvZmZtcGVnX211eF9pbml0LmMKPj4gaW5kZXggNjJlNTY0 M2EwNC4uYWFiNDIzNDY0YyAxMDA2NDQKPj4gLS0tIGEvZmZ0b29scy9mZm1wZWdfbXV4X2luaXQu Ywo+PiArKysgYi9mZnRvb2xzL2ZmbXBlZ19tdXhfaW5pdC5jCj4+IEBAIC02MTAsOCArNjEwLDEx IEBAIHN0YXRpYyBPdXRwdXRTdHJlYW0gKm5ld19vdXRwdXRfc3RyZWFtKE11eGVyIAo+PiAqbXV4 LCBjb25zdCBPcHRpb25zQ29udGV4dCAqbywKPj4gwqDCoMKgwqDCoCBNQVRDSF9QRVJfU1RSRUFN X09QVChjb2RlY190YWdzLCBzdHIsIGNvZGVjX3RhZywgb2MsIHN0KTsKPj4gwqDCoMKgwqDCoCBp ZiAoY29kZWNfdGFnKSB7Cj4+IMKgwqDCoMKgwqDCoMKgwqDCoCB1aW50MzJfdCB0YWcgPSBzdHJ0 b2woY29kZWNfdGFnLCAmbmV4dCwgMCk7Cj4+IC3CoMKgwqDCoMKgwqDCoCBpZiAoKm5leHQpCj4+ IC3CoMKgwqDCoMKgwqDCoMKgwqDCoMKgIHRhZyA9IEFWX1JMMzIoY29kZWNfdGFnKTsKPj4gK8Kg wqDCoMKgwqDCoMKgIGlmICgqbmV4dCkgewo+PiArwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCB1aW50 OF90IGJ1Zls0XSA9IHsgMCB9Owo+PiArwqDCoMKgwqDCoMKgwqDCoMKgwqDCoCBtZW1jcHkoYnVm LCBjb2RlY190YWcsIEZGTUlOKHNpemVvZihidWYpLCAKPj4gc3RybGVuKGNvZGVjX3RhZykpKTsK Pj4gK8KgwqDCoMKgwqDCoMKgwqDCoMKgwqAgdGFnID0gQVZfUkwzMihidWYpOwo+PiArwqDCoMKg wqDCoMKgwqAgfQo+PiDCoMKgwqDCoMKgwqDCoMKgwqAgb3N0LT5zdC0+Y29kZWNwYXItPmNvZGVj X3RhZyA9IHRhZzsKPj4gwqDCoMKgwqDCoMKgwqDCoMKgIGlmIChvc3QtPmVuY19jdHgpCj4+IMKg wqDCoMKgwqDCoMKgwqDCoMKgwqDCoMKgIG9zdC0+ZW5jX2N0eC0+Y29kZWNfdGFnID0gdGFnOwo+ IAo+IExHVE0uCl9fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f CmZmbXBlZy1kZXZlbCBtYWlsaW5nIGxpc3QKZmZtcGVnLWRldmVsQGZmbXBlZy5vcmcKaHR0cHM6 Ly9mZm1wZWcub3JnL21haWxtYW4vbGlzdGluZm8vZmZtcGVnLWRldmVsCgpUbyB1bnN1YnNjcmli ZSwgdmlzaXQgbGluayBhYm92ZSwgb3IgZW1haWwKZmZtcGVnLWRldmVsLXJlcXVlc3RAZmZtcGVn Lm9yZyB3aXRoIHN1YmplY3QgInVuc3Vic2NyaWJlIi4K