[FFmpeg-devel] [PATCH] oggparsedaala: reject too large gpshift
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Sat Jan 2 12:19:53 CET 2016
On 02.01.2016 02:11, Michael Niedermayer wrote:
> On Wed, Dec 30, 2015 at 01:00:43AM +0100, Andreas Cadhalpun wrote:
>> From 4380123388f38eb9bbd11db34b0ac82a9ec18d5a Mon Sep 17 00:00:00 2001
>> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> Date: Tue, 29 Dec 2015 18:32:01 +0100
>> Subject: [PATCH] oggparsedaala: reject too large gpshift
>>
>> Also use an unsigned constant for the shift calculation, as 1 << 31 is
>> undefined for int32_t. This is also fixed in oggparsetheora.
>>
>> This fixes ubsan runtime error: shift exponent is too large for
>> 32-bit type 'int'
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavformat/oggparsedaala.c | 7 ++++++-
>> libavformat/oggparsetheora.c | 2 +-
>> 2 files changed, 7 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavformat/oggparsedaala.c b/libavformat/oggparsedaala.c
>> index 24567f9..3651ca1 100644
>> --- a/libavformat/oggparsedaala.c
>> +++ b/libavformat/oggparsedaala.c
>> @@ -123,7 +123,12 @@ static int daala_header(AVFormatContext *s, int idx)
>>
>> hdr->frame_duration = bytestream2_get_ne32(&gb);
>> hdr->gpshift = bytestream2_get_byte(&gb);
>> - hdr->gpmask = (1 << hdr->gpshift) - 1;
>> + if (hdr->gpshift >= 32) {
>> + av_log(s, AV_LOG_ERROR, "Too large gpshift %d (>= 32).\n",
>> + hdr->gpshift);
>> + return AVERROR_INVALIDDATA;
>> + }
>> + hdr->gpmask = (1U << hdr->gpshift) - 1;
>>
>> hdr->format.depth = 8 + 2*(bytestream2_get_byte(&gb)-1);
>>
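Review bot: hdr->gpshift is assigned the untrusted byte from bytestream2_get_byte() before the new range check, so on the AVERROR_INVALIDDATA path the header struct still holds the out-of-range value (up to 255). Consider reading the byte into a local, checking it, and only then storing it in hdr->gpshift, so that nothing reading the struct after a failed parse can shift by it. The literal 32 in both the condition and the message is the bit width of the 1U operand; a short comment saying so would keep the bound and the shift expression in step if the gpmask type ever changes.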
>
>> diff --git a/libavformat/oggparsetheora.c b/libavformat/oggparsetheora.c
>> index 6e6a362..5f057c3 100644
>> --- a/libavformat/oggparsetheora.c
>> +++ b/libavformat/oggparsetheora.c
>> @@ -108,7 +108,7 @@ static int theora_header(AVFormatContext *s, int idx)
>> skip_bits(&gb, 2);
>>
>> thp->gpshift = get_bits(&gb, 5);
>> - thp->gpmask = (1 << thp->gpshift) - 1;
>> + thp->gpmask = (1U << thp->gpshift) - 1;
>>
>> st->codec->codec_type = AVMEDIA_TYPE_VIDEO;
>> st->codec->codec_id = AV_CODEC_ID_THEORA;
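Review bot: the missing range check on thp->gpshift is correct only because get_bits(&gb, 5) cannot return more than 31, and nothing in this hunk says so, which makes it look inconsistent with the explicit >= 32 rejection added in daala_header. A one-line comment next to the 1U shift noting that the 5-bit field bounds the exponent would document why switching to the unsigned constant is sufficient here.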
>
> LGTM
Pushed.
Happy new year,
Andreas