Re: [FFmpeg-devel] [PATCH] libavutil/encryption_info: Add NULL checks.

Fri, 01 Jun 2018 17:03:44 -0700 

On Thu, May 31, 2018 at 09:33:36AM -0700, Jacob Trimble wrote:
> Found by Chrome's ClusterFuzz: http://crbug.com/846662.
> 
> Signed-off-by: Jacob Trimble <[email protected]>
> ---
>  libavutil/encryption_info.c | 7 +++++--
>  1 file changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/libavutil/encryption_info.c b/libavutil/encryption_info.c
> index 20a752d6b4..a48ded922c 100644
> --- a/libavutil/encryption_info.c
> +++ b/libavutil/encryption_info.c
> @@ -64,6 +64,8 @@ AVEncryptionInfo *av_encryption_info_clone(const 
> AVEncryptionInfo *info)
>  {
>      AVEncryptionInfo *ret;
>  
> +    if (!info)
> +        return NULL;
>      ret = av_encryption_info_alloc(info->subsample_count, info->key_id_size, 
> info->iv_size);
>      if (!ret)
>          return NULL;

> @@ -127,7 +129,7 @@ uint8_t *av_encryption_info_add_side_data(const 
> AVEncryptionInfo *info, size_t *
>      uint8_t *buffer, *cur_buffer;
>      uint32_t i;
>  
> -    if (UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA < info->key_id_size ||
> +    if (!info || !size || UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA < 
> info->key_id_size ||
>          UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA - info->key_id_size < 
> info->iv_size ||
>          (UINT32_MAX - FF_ENCRYPTION_INFO_EXTRA - info->key_id_size - 
> info->iv_size) / 8 < info->subsample_count) {
>          return NULL;
> @@ -260,7 +262,8 @@ uint8_t *av_encryption_init_info_add_side_data(const 
> AVEncryptionInitInfo *info,
>      uint8_t *buffer, *cur_buffer;
>      uint32_t i, max_size;
>  
> -    if (UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA < info->system_id_size ||
> +    if (!info || !side_data_size ||
> +        UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA < info->system_id_size ||
>          UINT32_MAX - FF_ENCRYPTION_INIT_INFO_EXTRA - info->system_id_size < 
> info->data_size) {
>          return NULL;
>      }

in which valid case would these be called with NULL input ?
iam asking as this feels as if it might be a bug in teh caller

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In a rich man's house there is no place to spit but his face.
-- Diogenes of Sinope

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list
[email protected]
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Reply via email to