[FFmpeg-devel] [mpeg4video] Fix undefined shift on assumed 8-bit input.

Michael Niedermayer michael at niedermayer.cc
Sat Nov 18 04:22:54 EET 2017 

On Fri, Nov 17, 2017 at 04:07:42PM -0800, Dale Curtis wrote:
> decode_user_data() attempts to create an integer |build|
> value with 8 bits of spacing for 3 components. However
> each component is an int32_t, so shifting each component
> is undefined for values outside of the 8 bit range.
> 
> This patch simply clamps input to 8-bits per component.
> 
> Signed-off-by: Dale Curtis <dalecurtis at chromium.org>

>  mpeg4videodec.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 5a181e6ad8a04ea0d3d6c7d08be79243995dc292  fix_mpeg4_shift_v1.patch
> From 0373fed23fb495161267607230e99c8ed36e444a Mon Sep 17 00:00:00 2001
> From: Dale Curtis <dalecurtis at chromium.org>
> Date: Fri, 17 Nov 2017 16:05:30 -0800
> Subject: [PATCH] [mpeg4video] Fix undefined shift on assumed 8-bit input.
> 
> decode_user_data() attempts to create an integer |build|
> value with 8 bits of spacing for 3 components. However
> each component is an int32_t, so shifting each component
> is undefined for values outside of the 8 bit range.
> 
> This patch simply clamps input to 8-bits per component.
> 
> Signed-off-by: Dale Curtis <dalecurtis at chromium.org>
> ---
>  libavcodec/mpeg4videodec.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c
> index 76247c3b8c..93fa1d9973 100644
> --- a/libavcodec/mpeg4videodec.c
> +++ b/libavcodec/mpeg4videodec.c
> @@ -2154,7 +2154,7 @@ static int decode_user_data(Mpeg4DecContext *ctx, GetBitContext *gb)
>      if (e != 4) {
>          e = sscanf(buf, "Lavc%d.%d.%d", &ver, &ver2, &ver3) + 1;
>          if (e > 1)
> -            build = (ver << 16) + (ver2 << 8) + ver3;
> +            build = ((ver & 0xFF) << 16) + ((ver2 & 0xFF) << 8) + (ver3 & 0xFF);

Not sure what is best but
throwing part of the version silently away is not correct
most likely erroring out and asking for a sample video to be uploaded
would make sense if such a file is encountered


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Observe your enemies, for they first find out your faults. -- Antisthenes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20171118/70cb1a94/attachment.sig>

More information about the ffmpeg-devel mailing list