Re: [FFmpeg-devel] [PATCH 4/4] avformat/vividas: Fixes overflow in shift in recover_key()

2019-07-13 Thread Michael Niedermayer
On Sat, Jun 29, 2019 at 05:44:21AM +0200, Reimar Döffinger wrote:
> 
> 
> On 28.06.2019, at 22:53, Michael Niedermayer wrote:
> 
> > Fixes: left shift of 133 by 24 places cannot be represented in type 'int'
> > Fixes: 
> > 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer 
> > ---
> > libavformat/vividas.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/libavformat/vividas.c b/libavformat/vividas.c
> > index 753328245d..ed2eaea633 100644
> > --- a/libavformat/vividas.c
> > +++ b/libavformat/vividas.c
> > @@ -118,7 +118,7 @@ static unsigned recover_key(unsigned char sample[4], 
> > unsigned expected_size)
> > return (sample[0]^plaintext[0])|
> > ((sample[1]^plaintext[1])<<8)|
> > ((sample[2]^plaintext[2])<<16)|
> > -((sample[3]^plaintext[3])<<24);
> > +((unsigned)(sample[3]^plaintext[3])<<24);
> 
> Shouldn't this just be
> return AV_RL32(sample) ^ AV_RL32(plaintext);
> ?

yes, will change it to this

thx


> If so, the code might be worthy of review for more needless 
> overcomplication...
> ___
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
> 
> To unsubscribe, visit link above, or email
> ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The smallest minority on earth is the individual. Those who deny 
individual rights cannot claim to be defenders of minorities. - Ayn Rand



Re: [FFmpeg-devel] [PATCH 4/4] avformat/vividas: Fixes overflow in shift in recover_key()

2019-06-28 Thread Reimar Döffinger


On 28.06.2019, at 22:53, Michael Niedermayer wrote:

> Fixes: left shift of 133 by 24 places cannot be represented in type 'int'
> Fixes: 
> 15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
> libavformat/vividas.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavformat/vividas.c b/libavformat/vividas.c
> index 753328245d..ed2eaea633 100644
> --- a/libavformat/vividas.c
> +++ b/libavformat/vividas.c
> @@ -118,7 +118,7 @@ static unsigned recover_key(unsigned char sample[4], 
> unsigned expected_size)
> return (sample[0]^plaintext[0])|
> ((sample[1]^plaintext[1])<<8)|
> ((sample[2]^plaintext[2])<<16)|
> -((sample[3]^plaintext[3])<<24);
> +((unsigned)(sample[3]^plaintext[3])<<24);
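
Review bot: The cast on the `<<24` term leaves the return expression mixing three int terms with one unsigned term, and nothing in the code says why only the last term needs it. `sample[3]^plaintext[3]` is promoted to int, so any value of 128 or more (133 in the report) cannot be represented after a shift by 24, while the `<<8` and `<<16` terms peak at 255<<16 and stay in range. Either cast all four terms for consistency or add a one-line comment above the return stating this.
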

Shouldn't this just be
return AV_RL32(sample) ^ AV_RL32(plaintext);
?
If so, the code might be worthy of review for more needless overcomplication...
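
The integer promotion behind the sanitizer report, and a check that the patched byte-wise expression matches the word-wise form proposed in this reply, as an added example that is not part of the thread or of FFmpeg's code. `rl32` is a stand-in for a little-endian 32-bit read (assumed to be what AV_RL32 does), and all input bytes are constructed.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* 1 if a ^ b on two unsigned char operands has type int (integer promotion). */
static int xor_is_int(unsigned char a, unsigned char b)
{ return _Generic(a ^ b, int: 1, default: 0); }

/* 1 if v << shift is representable in int, so the shift is defined. */
static int shift_fits_int(unsigned v, unsigned shift)
{ return v <= ((unsigned)INT_MAX >> shift); }

/* Little-endian 32-bit read, standing in for AV_RL32 (assumed behaviour). */
static uint32_t rl32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Byte-wise expression as patched, with the cast on the top byte. */
static uint32_t key_bytewise(const unsigned char *s, const unsigned char *pt)
{
    return (s[0] ^ pt[0]) | ((s[1] ^ pt[1]) << 8) | ((s[2] ^ pt[2]) << 16) |
           ((unsigned)(s[3] ^ pt[3]) << 24);
}

/* Word-wise form proposed in the reply. */
static uint32_t key_wordwise(const unsigned char *s, const unsigned char *pt)
{ return rl32(s) ^ rl32(pt); }

/* Mismatches over constructed inputs covering every top-byte XOR value. */
static int count_mismatches(void)
{
    int bad = 0;
    for (unsigned x = 0; x < 256; x++)
        for (unsigned y = 0; y < 256; y += 17) {
            unsigned char s[4]  = { (unsigned char)y, (unsigned char)(x ^ y), 0xA5, (unsigned char)x };
            unsigned char pt[4] = { 0x3C, (unsigned char)y, (unsigned char)x, (unsigned char)y };
            bad += key_bytewise(s, pt) != key_wordwise(s, pt);
        }
    return bad;
}

int main(void)
{
    printf("xor is int: %d, 133<<24 fits int: %d, mismatches: %d\n",
           xor_is_int(0x85, 0), shift_fits_int(133, 24), count_mismatches());
    return 0;
}
```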

[FFmpeg-devel] [PATCH 4/4] avformat/vividas: Fixes overflow in shift in recover_key()

2019-06-28 Thread Michael Niedermayer
Fixes: left shift of 133 by 24 places cannot be represented in type 'int'
Fixes: 
15365/clusterfuzz-testcase-minimized-ffmpeg_DEMUXER_fuzzer-5716153105645568

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavformat/vividas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavformat/vividas.c b/libavformat/vividas.c
index 753328245d..ed2eaea633 100644
--- a/libavformat/vividas.c
+++ b/libavformat/vividas.c
@@ -118,7 +118,7 @@ static unsigned recover_key(unsigned char sample[4], 
unsigned expected_size)
 return (sample[0]^plaintext[0])|
 ((sample[1]^plaintext[1])<<8)|
 ((sample[2]^plaintext[2])<<16)|
-((sample[3]^plaintext[3])<<24);
+((unsigned)(sample[3]^plaintext[3])<<24);
 }
 
 static void xor_block(void *p1, void *p2, unsigned size, int key, unsigned 
*key_ptr)
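
Review bot: The trailing context shows `xor_block()` taking `int key` while `recover_key()` returns `unsigned`. If the recovered key is what gets passed there, any key with bit 31 set (exactly the values this hunk now computes without overflow) is converted to a negative int on the way in. Consider making that parameter `unsigned` in the same series so the key stays unsigned end to end.
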
-- 
2.22.0
