To: ffmpeg-devel@ffmpeg.org
Date: Sat, 22 Nov 2025 20:28:28 -0000
Message-ID: <176384330866.59.18407543131258316050@2cb04c0e5124>
Subject: [FFmpeg-devel] [PATCH] avcodec/sanm: minor fixes (PR #20997)
From: Manuel Lauss via ffmpeg-devel
Cc: Manuel Lauss

PR #20997 opened by Manuel Lauss (mlauss2)
URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20997
Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/20997.patch

- Do not consider dimensions of codec37/47/48 frames as trustworthy. Esp. with Making Magic, where the codec48 is smaller and embedded onto a larger canvas.
- Throw away codec37/47/48 frames that are larger than the current canvas. It's also what the original implementations do.
- In decode_init() there's no reason not to accept a canvas size even for ANIM. While the SAN files do not provide any image dimensions in their headers, there's no reason to reject a known canvas size when the decoder is initialized.
- In process_frame_obj(), apply the additional xoff/yoff after frame size determination, so as not to disturb the frame size with the additional fobj offset.

Tested with all my test videos and has also had ~20 hours of fuzzing as well.

>>From 608197d882047bb9ef81fac16f9925cd03e023fd Mon Sep 17 00:00:00 2001
From: Manuel Lauss Date: Wed, 19 Nov 2025 12:21:41 +0100 Subject: [PATCH 1/4] avcodec/sanm: fobj: do not use codec-id to determine canvas size. Codec>=37 with smaller dimensions can be embedded onto larger canvasses; it makes no sense to trust their dimensions explicitly. Signed-off-by: Manuel Lauss --- libavcodec/sanm.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index 771ecf8246..3fc52f48b3 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c @@ -2057,11 +2057,6 @@ static int process_frame_obj(SANMVideoContext *ctx, GetByteContext *gb, if (w > xres || h > yres) return AVERROR_INVALIDDATA; ctx->have_dimensions = 1; - } else if (fsc) { - /* these codecs work on full frames, trust their dimensions */ - xres = w; - yres = h; - ctx->have_dimensions = 1; } else { /* detect common sizes */ xres = w + left; -- 2.49.1 >>From de1c66ce72b968fc60820d8d37c94dd0f9b6f89f Mon Sep 17 00:00:00 2001 From: Manuel Lauss Date: Wed, 19 Nov 2025 13:00:41 +0100 Subject: [PATCH 2/4] avcodec/sanm: fobj codec37+: reject too large frames. For the diff-buffer codecs, outright reject frames that are larger than the currently configured canvas. This is also what the DOS players do. Gets also rid of an artifact in the "sq1.san" Intro video of "The Dig". Signed-off-by: Manuel Lauss --- libavcodec/sanm.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index 3fc52f48b3..68c80954ff 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c 
@@ -2087,17 +2087,9 @@ static int process_frame_obj(SANMVideoContext *ctx, GetByteContext *gb, } } } else { - if (((w > ctx->width) || (h > ctx->height) || (w * h > ctx->buf_size)) && fsc) { - /* correct unexpected overly large frames: this happens - * for instance with The Dig's sq1.san video: it has a few - * (all black) 640x480 frames halfway in, while the rest is - * 320x200. - */ - av_log(ctx->avctx, AV_LOG_WARNING, - "resizing too large fobj: c%d %d %d @ %d %d\n", codec, w, h, left, top); - w = ctx->width; - h = ctx->height; - } + /* for codec37/47/48, reject too large frames, like the DOS players do. */ + if (((w > ctx->width) || (h > ctx->height) || (w * h > ctx->buf_size)) && fsc) + return AVERROR_INVALIDDATA; } /* users of codecs>=37 are subversion 2, enforce that for STOR/FTCH */ -- 2.49.1 >>From 2a2185b262849c25b5b59744f3860832032184fa Mon Sep 17 00:00:00 2001 From: Manuel Lauss Date: Wed, 19 Nov 2025 13:25:01 +0100 Subject: [PATCH 3/4] avcodec/sanm: accept fixed dimensions for ANIM at decode_init This undoes 556cef27d905d31, which I added to fix a fuzzer-crash, but there's no reason to expect the decoder can only be invoked via the smush demuxer. Instead also accept a range of dimensions from 2x2 up to 640x480. Signed-off-by: Manuel Lauss --- libavcodec/sanm.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index 68c80954ff..2621378567 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c 
@@ -636,9 +636,14 @@ static av_cold int decode_init(AVCodecContext *avctx) avctx->pix_fmt = ctx->version ? AV_PIX_FMT_RGB565 : AV_PIX_FMT_PAL8; if (!ctx->version) { - // ANIM has no dimensions in the header, distrust the incoming data. - avctx->width = avctx->height = 0; - ctx->have_dimensions = 0; + // ANIM valid range is 2x2 up to 640x480 + if (avctx->width != 0 && avctx->height != 0) { + if (avctx->width > 640 || avctx->height > 480 || + avctx->width < 2 || avctx->height < 2) { + return AVERROR_INVALIDDATA; + } + ctx->have_dimensions = 1; + } } else if (avctx->width > 800 || avctx->height > 600 || avctx->width < 8 || avctx->height < 8) { // BL16 valid range is 8x8 - 800x600 -- 2.49.1 >>From 8a865c555e75c70f1bf8e7ee96271dd15f6d62c9 Mon Sep 17 00:00:00 2001 From: Manuel Lauss Date: Wed, 19 Nov 2025 17:01:18 +0100 Subject: [PATCH 4/4] avcodec/sanm: fobj: apply the x/y offsets after size determination Otherwise a wrong size might be determined. Signed-off-by: Manuel Lauss --- libavcodec/sanm.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/libavcodec/sanm.c b/libavcodec/sanm.c index 2621378567..c4cdfa52ca 100644 --- a/libavcodec/sanm.c +++ b/libavcodec/sanm.c @@ -2023,8 +2023,8 @@ static int process_frame_obj(SANMVideoContext *ctx, GetByteContext *gb, codec = bytestream2_get_byteu(gb); param = bytestream2_get_byteu(gb); - left = bytestream2_get_le16u(gb) + xoff; - top = bytestream2_get_le16u(gb) + yoff; + left = bytestream2_get_le16u(gb); + top = bytestream2_get_le16u(gb); w = bytestream2_get_le16u(gb); h = bytestream2_get_le16u(gb); bytestream2_skip(gb, 2); @@ -2110,6 +2110,9 @@ static int process_frame_obj(SANMVideoContext *ctx, GetByteContext *gb, memset(ctx->fbuf, 0, ctx->frm0_size); } + left += xoff; + top += yoff; + switch (codec) { case 1: case 3: -- 2.49.1 _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org
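Review bot: patch 1 (the `@@ -2057,11 +2057,6 @@` hunk) should say in its commit message where codec>=37 frames go now: with the `} else if (fsc) {` branch removed they fall through to the `/* detect common sizes */` branch, whose `xres = w + left;` line folds the frame offset into the canvas guess, and a codec37/47/48 frame no longer sets `ctx->have_dimensions` on its own. A one-line comment at that `} else {` saying the diff-buffer codecs are deliberately routed through the heuristic would stop the next reader from taking the deletion for an accident.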
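Review bot: patch 2 (the `@@ -2087,17 +2087,9 @@` hunk) removes the only diagnostic for the oversized-frame condition along with the resize; consider keeping an `av_log` (AV_LOG_WARNING or verbose) with codec, w, h, left and top before `return AVERROR_INVALIDDATA;`, so that files like The Dig's sq1.san, which the deleted comment documented, show up in logs instead of failing silently. Two smaller points on the same line: `&& fsc` sits last, so the three size comparisons are evaluated for every codec before the codec class is tested, and `if (fsc && (...))` would read the way the new comment describes it; and the `w * h > ctx->buf_size` term is only overflow-safe because the two per-axis comparisons short-circuit first, which is worth stating in the comment so nobody reorders the operands later.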
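Review bot: patch 3 (the `@@ -636,9 +636,14 @@` hunk) leaves the case of exactly one zero dimension unhandled: with `if (avctx->width != 0 && avctx->height != 0)` neither the 2x2..640x480 range check nor `ctx->have_dimensions = 1;` runs, and unlike the removed `avctx->width = avctx->height = 0;` nothing resets the non-zero value, so a half-specified canvas passes decode_init. Treat a single zero as invalid (return AVERROR_INVALIDDATA) or reset both to 0 as before. Since the message says this undoes the fuzzer-crash fix 556cef27d905d31, please also record which check (the new range limit, together with the rejection in patch 2) now covers that input, so the reasoning survives the revert.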
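Review bot: patch 4 (the `@@ -2110,6 +2110,9 @@` hunk) adds `left += xoff;` and `top += yoff;` after all the size validation in process_frame_obj, and the hunk shows no check after the addition that left + w and top + h still lie inside the canvas. Since the earlier checks now run on the raw le16 values from the first hunk, a non-zero xoff/yoff can move the blit past the bounds that were just validated. Either re-check (or clamp) the offset position here, before `switch (codec)`, or state in the commit message which later check in the per-codec paths bounds it.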
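The four points in the PR description (distrust diff-buffer frame sizes, reject rather than resize oversized frames, bound an externally supplied ANIM canvas, apply xoff/yoff only after size determination) fit in one small validation routine. The following is an added example, not code from FFmpeg's libavcodec/sanm.c and not the author's patch: every name in it (`canvas_t`, `fobj_t`, `init_anim_canvas`, `validate_fobj`, `ERR_INVALID`) is hypothetical, only the numeric limits (2x2 up to 640x480, codecs 37/47/48) come from the patch series, and it goes one step further than the hunks by re-checking the blit position after the offset is added. It assumes a known canvas and models nothing of the "detect common sizes" heuristic.

```c
/* Added example, not FFmpeg's libavcodec/sanm.c: a standalone model of the
 * frame-object (FOBJ) validation described in the PR text. All names here
 * are hypothetical; only the limits 2x2..640x480 and codecs 37/47/48 come
 * from the patch series. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define ERR_INVALID (-1)

typedef struct {
    int width, height;   /* currently configured canvas, 0 = unknown */
    size_t buf_size;     /* pixels the frame buffer can hold */
} canvas_t;

typedef struct {
    int codec;
    int left, top;       /* raw position fields from the FOBJ header, no xoff/yoff */
    int w, h;            /* raw size fields */
} fobj_t;

/* codec 37/47/48 are the full-frame diff-buffer codecs ("fsc" in sanm.c) */
static bool is_full_frame_codec(int codec)
{
    return codec == 37 || codec == 47 || codec == 48;
}

/* Patch 3: accept a caller-supplied ANIM canvas only inside 2x2..640x480.
 * Both zero means "unknown" and leaves the canvas unset; exactly one zero
 * is rejected instead of leaving a half-configured canvas behind. */
static int init_anim_canvas(canvas_t *c, int width, int height)
{
    c->width = c->height = 0;
    c->buf_size = 0;
    if (width == 0 && height == 0)
        return 0;
    if (width < 2 || height < 2 || width > 640 || height > 480)
        return ERR_INVALID;
    c->width    = width;
    c->height   = height;
    c->buf_size = (size_t)width * (size_t)height;
    return 0;
}

/* Patches 1, 2 and 4: never trust or resize a diff-buffer frame that does
 * not fit, do the size checks on the raw left/top, then apply xoff/yoff and
 * re-check that the blit still lies inside the canvas. */
static int validate_fobj(const canvas_t *c, const fobj_t *f, int xoff, int yoff,
                         int *out_left, int *out_top)
{
    if (c->width <= 0 || c->height <= 0)
        return ERR_INVALID;          /* no canvas to validate against */
    if (f->w <= 0 || f->h <= 0 || f->left < 0 || f->top < 0)
        return ERR_INVALID;

    if (is_full_frame_codec(f->codec)) {
        /* Patch 2: the per-axis comparisons must come first; only then is
         * w * h small enough that the product cannot overflow. */
        if (f->w > c->width || f->h > c->height ||
            (size_t)f->w * (size_t)f->h > c->buf_size)
            return ERR_INVALID;
    }

    /* Patch 4: the extra offset is added only after size determination ... */
    int left = f->left + xoff;
    int top  = f->top  + yoff;

    /* ... so the final position needs its own bounds check. */
    if (left < 0 || top < 0 || left > c->width - f->w || top > c->height - f->h)
        return ERR_INVALID;

    *out_left = left;
    *out_top  = top;
    return 0;
}

int main(void)
{
    canvas_t c;
    int l = 0, t = 0;
    /* constructed inputs: a 320x200 canvas and an sq1.san-like 640x480 frame */
    if (init_anim_canvas(&c, 320, 200) != 0)
        return 1;
    fobj_t big = { 47, 0, 0, 640, 480 };
    fobj_t ok  = { 48, 10, 20, 300, 160 };
    printf("640x480 codec47 on 320x200: %s\n",
           validate_fobj(&c, &big, 0, 0, &l, &t) ? "rejected" : "accepted");
    printf("300x160 codec48 at (10,20)+(5,5): %s -> (%d,%d)\n",
           validate_fobj(&c, &ok, 5, 5, &l, &t) ? "rejected" : "accepted", l, t);
    printf("same frame with xoff 11: %s\n",
           validate_fobj(&c, &ok, 11, 0, &l, &t) ? "rejected" : "accepted");
    return 0;
}
```

The last call is the case patch 4 leaves unchecked: the raw frame fits, but the offset pushes its right edge one pixel past the canvas, and only the post-offset check catches it.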