Message-ID: <0d2ad9a4-5348-4c47-bf7c-4f111411bc1c@gmail.com>
Date: Mon, 25 Mar 2024 23:36:27 -0300
To: ffmpeg-devel@ffmpeg.org
From: James Almer
In-Reply-To: <20240326023056.20548-4-michael@niedermayer.cc>
Subject: Re: [FFmpeg-devel] [PATCH 4/7] avcodec/rtv1: fix undefined FFALIGN

On 3/25/2024 11:30 PM, Michael Niedermayer wrote:
> Fixes: signed integer overflow: 2147483647 + 4 cannot be represented in type 'int'
> Fixes: 62285/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_RTV1_fuzzer-6324303861514240
>
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer
> ---
> libavcodec/rtv1.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/libavcodec/rtv1.c b/libavcodec/rtv1.c
> index 06afe9e873c..807c8a34666 100644
> --- a/libavcodec/rtv1.c
> +++ b/libavcodec/rtv1.c
> @@ -113,6 +113,8 @@ static int decode_frame(AVCodecContext *avctx, AVFrame *p,
>
> width = bytestream2_get_le32(&gb);
> height = bytestream2_get_le32(&gb);
> + if (width > INT_MAX-4U || height > INT_MAX-4U)

Does this promote width and height to unsigned? If not, you may want to cast them to unsigned (or check for < 0) and remove the then unnecessary U to the 4.

> + return AVERROR_INVALIDDATA;
> ret = ff_set_dimensions(avctx, FFALIGN(width, 4), FFALIGN(height, 4));
> if (ret < 0)
> return ret;
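Review bot: the guard `if (width > INT_MAX-4U || height > INT_MAX-4U)` depends on an implicit conversion that the hunk does not spell out. `INT_MAX-4U` has type unsigned int, so if `width` and `height` are int (as the "type 'int'" in the quoted sanitizer report suggests) they are converted to unsigned for the comparison and negative values read by `bytestream2_get_le32()` are rejected along with values above INT_MAX-4. Writing the conversion explicitly, for example `(unsigned)width > INT_MAX - 4`, would make that intent visible and keep the set of rejected values from changing silently if the U suffix is later dropped. A one-line comment tying the margin of 4 to the `+ 4` that FFALIGN(x, 4) performs in the report would also help the next reader.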