[FFmpeg-devel] [PATCH 1/5] avcodec/notchlc: Check uncompressed size against input for LZ4

Tue Oct 20 18:37:40 EEST 2020

On Tue, Oct 20, 2020 at 04:57:47PM +0200, Paul B Mahol wrote:
> This broke decoding of every single file.
> 

> Please revert ASAP!

reverted, i have to say though that this was the bound that you posted.
I think you mixed upper and lower bounds and I didnt notice

The patch i originally posted works with the 2 test samples I now have
are you ok with it (the change is below for reference)

@@ -490,6 +490,9 @@ static int decode_frame(AVCodecContext *avctx,
 
         bytestream2_init(gb, s->lzf_buffer, uncompressed_size);
     } else if (s->format == 1) {
+        if (bytestream2_get_bytes_left(gb) < uncompressed_size / 255)
+            return AVERROR_INVALIDDATA;
+
         av_fast_padded_malloc(&s->uncompressed_buffer, &s->uncompressed_size,
                               uncompressed_size);
         if (!s->uncompressed_buffer)

Thanks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

While the State exists there can be no freedom; when there is freedom there
will be no State. -- Vladimir Lenin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20201020/6d1f7c5a/attachment.sig>
