[FFmpeg-devel] [PATCH] fftools/ffmpeg: avoid possible invalid reads with short -tag values

James Almer jamrial at gmail.com
Fri Apr 14 21:56:51 EEST 2023


On 4/13/2023 11:14 AM, James Almer wrote:
> On 4/13/2023 10:59 AM, Anton Khirnov wrote:
>> Fixes #10319.

Should also fix #10309, I think.

>> ---
>>   fftools/ffmpeg_demux.c    | 8 ++++++--
>>   fftools/ffmpeg_mux_init.c | 7 +++++--
>>   2 files changed, 11 insertions(+), 4 deletions(-)
>>
>> diff --git a/fftools/ffmpeg_demux.c b/fftools/ffmpeg_demux.c
>> index b9849d1669..d89e28b9f6 100644
>> --- a/fftools/ffmpeg_demux.c
>> +++ b/fftools/ffmpeg_demux.c
>> @@ -736,8 +736,12 @@ static void add_input_streams(const 
>> OptionsContext *o, Demuxer *d)
>>           MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, ic, st);
>>           if (codec_tag) {
>>               uint32_t tag = strtol(codec_tag, &next, 0);
>> -            if (*next)
>> -                tag = AV_RL32(codec_tag);
>> +            if (*next) {
>> +                uint8_t buf[4] = { 0 };
>> +                memcpy(buf, codec_tag, FFMIN(sizeof(buf), 
>> strlen(codec_tag)));
>> +                tag = AV_RL32(buf);
>> +            }
>> +
>>               st->codecpar->codec_tag = tag;
>>           }
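Review bot: The numeric branch still stores the `strtol()` result straight into a `uint32_t` (the unchanged context line just above the new block), so an out-of-range or negative `-tag` number is converted silently: where `long` is 32 bits a value above `LONG_MAX` saturates with `ERANGE`, and where it is 64 bits the high bits are dropped. Parsing with `unsigned long v = strtoul(codec_tag, &next, 0);` and rejecting the value when `errno == ERANGE || v > UINT32_MAX` would make that case explicit. The same line appears in the `new_output_stream()` hunk in fftools/ffmpeg_mux_init.c. `add_input_streams()` starts and ends outside this hunk, so how such an error should be reported here is not visible.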
>> diff --git a/fftools/ffmpeg_mux_init.c b/fftools/ffmpeg_mux_init.c
>> index 62e5643a04..aab423464c 100644
>> --- a/fftools/ffmpeg_mux_init.c
>> +++ b/fftools/ffmpeg_mux_init.c
>> @@ -610,8 +610,11 @@ static OutputStream *new_output_stream(Muxer 
>> *mux, const OptionsContext *o,
>>       MATCH_PER_STREAM_OPT(codec_tags, str, codec_tag, oc, st);
>>       if (codec_tag) {
>>           uint32_t tag = strtol(codec_tag, &next, 0);
>> -        if (*next)
>> -            tag = AV_RL32(codec_tag);
>> +        if (*next) {
>> +            uint8_t buf[4] = { 0 };
>> +            memcpy(buf, codec_tag, FFMIN(sizeof(buf), 
>> strlen(codec_tag)));
>> +            tag = AV_RL32(buf);
>> +        }
>>           ost->st->codecpar->codec_tag = tag;
>>           if (ost->enc_ctx)
>>               ost->enc_ctx->codec_tag = tag;
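Review bot: This block is a verbatim copy of the one added to `add_input_streams()` in fftools/ffmpeg_demux.c, so the bounded-copy fix had to be made twice and any later change to tag parsing must again be kept in sync by hand. Moving the parse into one helper used by both call sites, leaving e.g. `uint32_t tag = parse_codec_tag(codec_tag);` here (the helper name is only a suggestion), would keep the length bound in a single place. A short comment on the copy, such as `/* non-numeric tag: at most 4 bytes, zero-padded */`, would also record that longer values are truncated without a diagnostic. `new_output_stream()` starts and ends outside this hunk.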
> 
> LGTM.

