From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
by master.gitmailbox.com (Postfix) with ESMTPS id 6C7924D890
for <ffmpegdev@gitmailbox.com>; Sun, 20 Apr 2025 22:09:48 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 63EE7687DEF;
Mon, 21 Apr 2025 01:09:45 +0300 (EEST)
Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com
[209.85.214.169])
by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 17A1B687D9F
for <ffmpeg-devel@ffmpeg.org>; Mon, 21 Apr 2025 01:09:39 +0300 (EEST)
Received: by mail-pl1-f169.google.com with SMTP id
d9443c01a7336-22622ddcc35so50864945ad.2
for <ffmpeg-devel@ffmpeg.org>; Sun, 20 Apr 2025 15:09:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1745186977; x=1745791777; darn=ffmpeg.org;
h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date
:references:in-reply-to:message-id:from:from:to:cc:subject:date
:message-id:reply-to;
bh=028OQjpfxPnEhk/zIBIjGTd7I+xgsyD9nYCRZCReHVQ=;
b=lCs+uGp4xXu0MZsWC0ReUdb/u/f6vUpE4g8YZCQ+vb1WNU63x73Ac0wBNvt+73gW4q
FoKSKAX2sv7SwbOuM5N8orwPGqoeFoB9SzezHFdK8S8hLvfto/IjuNrv0hhkXrYIpo9Q
+t818cTDpuvaAoiW5WEW8k17WJVNoWPLkhNAwEQ5DlKDEccqc2IUQxDICZa/Kx83/akp
sYxTqJTL8YdBnWg8tvN9AImQGYscbM0Amm8+2B/BPlpSRsFtSvWHfAptR6qre6/hCqAw
+3bVB8eiHT9vV86+iPOz47TduQ47Rnw8JKS4kHlPPmM5bitwBdcI8+nYD401LjLooE6U
6ZoQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1745186977; x=1745791777;
h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date
:references:in-reply-to:message-id:from:x-gm-message-state:from:to
:cc:subject:date:message-id:reply-to;
bh=028OQjpfxPnEhk/zIBIjGTd7I+xgsyD9nYCRZCReHVQ=;
b=BLLGmid7O+acvzHDTFmYvbDwe1YAlvJPJq7pZsP38at7+qItRBCb9gJu6fN0Verl0G
PYSkpFwsEKGfe1qMr+/NhXNsAmvEx7/7HN0OeQrLt5MU7nTne8/k+/71BizMDDnU7D9y
C/CYeLKCglb/mSWIKJLRopSthHw27ZVP4g60++RpCWNF+YmSJxHLwF1NvbH8Ro/jiWZf
IPOwJBPc+7cQ6M9+26/6QDwVOR8wGUXq+bLZbU83kRmO0zlMF1t2wRkr1PXwqOIrkqaE
we9XYEwEpFIDbL3HLjp+O+ZzYAHiLeMKYyxkihW/pVimTj2jJ622LS9iY0yQbY7flhIw
F6gQ==
X-Gm-Message-State: AOJu0YyRPqn1/L+u0S3hOLHzs9u83R0yPBlGqDCDsQ3+TE7fcc3u8UM6
g/SJXFsC+OmWC76Ndh1zZexvasAY2TFHlsrVPkj7L97CG8OsQk/pHge2MA==
X-Gm-Gg: ASbGncuUZKVq1Kx/kteuAiDvqVRoRqbvLl1SEEwxnwA7FX6NpYtAYsfX2u9FMn+gwA0
+tDTu5doLLKi85JSM55J0UbbzLKIbJXKhv6M+Wsj4Ip9oI2T7vrs2pud+VnULWDX5BhAjRg3w5P
g8Ufx22crsEQQ4P791ABD4QCFizJ/ftRmWzH6rEEenFF+D8S+tgFicTOm/8uZnpDv2mGpvlmfuM
NuWl6/GwzDeWyZIa8VdfZ5YGcFlBl130AsEOtLN2blVfUk76xut9mBE4ZkVIK5AfARYBY2zdPqD
hYwMd9PKN1M8sM3LX+Rl11xzaZVatSZGjXKI3CjdX3sqSDq9ukFM00MCK/U=
X-Google-Smtp-Source: AGHT+IHW3I9vsTwq8p/ZmX02Dz/zXH5L7gwrbIfk6nYwS67Ej5Gha6ZlhN0k/bE/jPh2R39lEfMhEA==
X-Received: by 2002:a17:903:1cd:b0:220:c164:6ee1 with SMTP id
d9443c01a7336-22c536195c9mr153931645ad.32.1745186977358;
Sun, 20 Apr 2025 15:09:37 -0700 (PDT)
Received: from [127.0.0.1] (master.gitmailbox.com. [34.83.118.50])
by smtp.gmail.com with ESMTPSA id
d9443c01a7336-22c50eb48f7sm52592465ad.138.2025.04.20.15.09.37
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Sun, 20 Apr 2025 15:09:37 -0700 (PDT)
From: softworkz <ffmpegagent@gmail.com>
X-Google-Original-From: softworkz <softworkz@hotmail.com>
Message-Id: <pull.70.v2.ffstaging.FFmpeg.1745186971871.ffmpegagent@gmail.com>
In-Reply-To: <pull.70.ffstaging.FFmpeg.1745114187876.ffmpegagent@gmail.com>
References: <pull.70.ffstaging.FFmpeg.1745114187876.ffmpegagent@gmail.com>
Date: Sun, 20 Apr 2025 22:09:31 +0000
Fcc: Sent
MIME-Version: 1.0
To: ffmpeg-devel@ffmpeg.org
Subject: [FFmpeg-devel] [PATCH v2] libavformat/asfdec: Fix regression bug
when reading image attachments
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: softworkz <softworkz@hotmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/pull.70.v2.ffstaging.FFmpeg.1745186971871.ffmpegagent@gmail.com/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>
From: softworkz <softworkz@hotmail.com>
Commit c8140fe7324f264faacf7395b27e12531d1f13f7 had introduced
a check for value_len > UINT16_MAX.
As a consequence, attached images of sizes larger than UINT16_MAX
could no longer be read.
This is a minimal fix of the regression, avoiding the controversies
of my earlier submission regarding int type handling in asfdec.
Signed-off-by: softworkz <softworkz@hotmail.com>
---
libavformat/asfdec: Fix regression bug when reading image attachments
Commit c8140fe7324f264faacf7395b27e12531d1f13f7 had introduced a check
for value_len > UINT16_MAX. As a consequence, attached images of sizes
larger than UINT16_MAX could no longer be read.
This is a minimal fix of the regression, avoiding the controversies of
my earlier submission regarding int type handling in asfdec.
Signed-off-by: softworkz softworkz@hotmail.com
Versions
========
V2
==
* Fix "new warning" detected by Patchwork
Published-As: https://github.com/ffstaging/FFmpeg/releases/tag/pr-ffstaging-70%2Fsoftworkz%2Fsubmit_asf_attachments-v2
Fetch-It-Via: git fetch https://github.com/ffstaging/FFmpeg pr-ffstaging-70/softworkz/submit_asf_attachments-v2
Pull-Request: https://github.com/ffstaging/FFmpeg/pull/70
Range-diff vs v1:
1: a5ce9d3d37 ! 1: 794108ed4e libavformat/asfdec: Fix regression bug when reading image attachments
@@ libavformat/asfdec_f.c: static int asf_read_metadata(AVFormatContext *s)
value_len = avio_rl32(pb);
- if (value_len < 0 || value_len > UINT16_MAX)
-+ if (value_len < 0 || value_len >= (INT_MAX - LEN) / 2)
++ if (value_len >= (INT_MAX - LEN) / 2)
return AVERROR_INVALIDDATA;
name_len_utf8 = 2*name_len_utf16 + 1;
libavformat/asfdec_f.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/libavformat/asfdec_f.c b/libavformat/asfdec_f.c
index 2441cadb44..ea6e8ef4f3 100644
--- a/libavformat/asfdec_f.c
+++ b/libavformat/asfdec_f.c
@@ -608,7 +608,8 @@ static int asf_read_metadata(AVFormatContext *s)
{
AVIOContext *pb = s->pb;
ASFContext *asf = s->priv_data;
- int n, stream_num, name_len_utf16, name_len_utf8, value_len;
+ int n, stream_num, name_len_utf16, name_len_utf8;
+ unsigned int value_len;
int ret, i;
n = avio_rl16(pb);
@@ -622,7 +623,7 @@ static int asf_read_metadata(AVFormatContext *s)
value_type = avio_rl16(pb); /* value_type */
value_len = avio_rl32(pb);
- if (value_len < 0 || value_len > UINT16_MAX)
+ if (value_len >= (INT_MAX - LEN) / 2)
return AVERROR_INVALIDDATA;
name_len_utf8 = 2*name_len_utf16 + 1;
base-commit: 7cd1edeaa410d977a9f1ff8436f480cb45b80178
--
ffmpeg-codebot
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".