Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH v1 2/3] avcodec/jpeg2000dec: add support for HTJ2K block decoding
Date: Tue, 4 Apr 2023 16:54:34 +0200
Message-ID: <20230404145434.GV1164690@pb2>
In-Reply-To: <CAF7=sGJmybwAs7MGmRO-3SD_cP2Sf1MjsbBRiCK_t3D+P758sw@mail.gmail.com>



On Mon, Apr 03, 2023 at 07:20:05PM +0300, Caleb Etemesi wrote:
> Hi
> 
> On Mon, Apr 3, 2023 at 5:28 PM Michael Niedermayer <michael@niedermayer.cc>
> wrote:
> 
> > On Sun, Apr 02, 2023 at 03:21:08PM -0700, Pierre-Anthony Lemieux wrote:
> > > On Sun, Apr 2, 2023 at 3:17 PM Michael Niedermayer
> > > <michael@niedermayer.cc> wrote:
> > > >
> > > > On Fri, Mar 31, 2023 at 08:29:40AM -0700, pal@sandflow.com wrote:
> > > > > From: caleb <etemesicaleb@gmail.com>
> > [...]
> > > > [...]
> > > > > +/**
> > > > > + * Drops bits from lower bits in the bit buffer. buf contains the
> > bit buffers.
> > > > > + * nbits is the number of bits to remove.
> > > > > + */
> > > > > +av_always_inline
> > > > > +static void jpeg2000_bitbuf_drop_bits_lsb(StateVars *buf, uint8_t
> > nbits)
> > > > > +{
> > > > > +    if (buf->bits_left < nbits) {
> > > >
> > > > > +        av_log(NULL, AV_LOG_ERROR, "Invalid bit read of %d, bits in
> > buffer are %d\n", nbits, buf->bits_left);
> > > > > +        av_assert0(0);
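Review bot: the buf->bits_left < nbits branch ends in av_assert0(0), which aborts the process instead of reporting an error, and nothing in the visible lines shows that callers guarantee bits_left >= nbits for arbitrary input. If bitstream content can reach this branch, make the function return an int error code and have callers propagate it; if an earlier check makes it unreachable, name that check in a comment. av_log() is also called with a NULL context here, so the message cannot be attributed to a decoder instance.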
> >
> 
> This one is present to ensure for all test cases, we never overread bytes

But can a crafted input stream trigger an assert failure?

If no then the assert is ok

If yes then it's not ok, I mean a
"./ffmpeg -i /dev/random"
should not crash, it should provide the user with some error and the code should
cleanly return not abort

I simply do not know if there's a check or something somewhere that ensures
this is ok and just an extra check (which is ok)


> 
> 
> > > >
> > > >
> > > > [...]
> > > > > +int
> > > > > +ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s,
> > Jpeg2000CodingStyle *codsty, Jpeg2000T1Context *t1, Jpeg2000Cblk *cblk,
> > > > > +                         int width, int height, int magp, uint8_t
> > roi_shift)
> > > > > +{
> > > > > +    uint8_t p0 = 0;             // Number of placeholder passes
> > > > > +    uint32_t Lcup;              // Length of HT cleanup segment
> > > > > +    uint32_t Lref;              // Length of Refinement segment
> > > > > +    uint32_t Scup;              // HT cleanup segment suffix length
> > > > > +    uint32_t Pcup;              // HT cleanup segment prefix length
> > > > > +
> > > > > +    uint8_t S_blk;              // Number of skipped magnitude
> > bitplanes
> > > > > +    uint8_t pLSB;
> > > > > +
> > > > > +    uint8_t *Dcup;              // Byte of an HT cleanup segment
> > > > > +    uint8_t *Dref;              // Byte of an HT refinement segment
> > > > > +
> > > > > +    int z_blk;                  // Number of ht coding pass
> > > > > +
> > > > > +    uint8_t empty_passes;
> > > > > +
> > > > > +    StateVars mag_sgn;          // Magnitude and Sign
> > > > > +    StateVars mel;              // Adaptive run-length coding
> > > > > +    StateVars vlc;              // Variable Length coding
> > > > > +    StateVars sig_prop;         // Significance propagation
> > > > > +
> > > > > +    MelDecoderState mel_state;
> > > > > +
> > > > > +    int ret;
> > > > > +
> > > > > +    /* Temporary buffers */
> > > > > +    int32_t *sample_buf;
> > > > > +    uint8_t *block_states;
> > > > > +
> > > > > +    int32_t n, val;             // Post-processing
> > > > > +
> > > > > +    int32_t M_b = magp;
> > > > > +    av_assert0(width <= 1024U && height <= 1024U);
> > > > > +    av_assert0(width * height <= 4096);
> > > > > +    av_assert0(width * height > 0);
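Review bot: the three av_assert0() calls on width and height after the declarations are the only bounds checks visible in this function, and the hunk does not say where those values are validated before the call. Add a comment naming the caller-side check that guarantees both dimensions <= 1024 and 0 < width * height <= 4096, or return an error such as AVERROR_INVALIDDATA instead, since the function already returns int. The comparison width <= 1024U also relies on the implicit conversion of the int arguments to unsigned to reject negative values, which deserves a comment or an explicit width > 0 check.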
> > > >
> > > > Has this decoder been tested with some fuzzer ?
> > >
> > > Yes.
> >
> > ok
> >
> >
> > >
> > > > I see a bunch of asserts in it and I don't immediately see what would
> > prevent them from
> > > > triggering
> >
> > > maybe you can add comments to the asserts that explain why these are
> > > guaranteed to be true thx
> >
> >
> These ones are to check code block constraints, the jpeg2000 spec limits
> code blocks to be between 2^2 and 2^10.

The spec isn't that important here. The important part is that our code checks
this, so no input can trigger the asserts.

I think we do check this, so I think the asserts are ok

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If you think the mosad wants you dead since a long time then you are either
wrong or dead since a long time.
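
The failure mode discussed in this message, as an added example (not FFmpeg code and not part of the patch): a bit reader whose short-read check returns an error that the caller propagates, so truncated or random input ends in an error code rather than an abort. BitBuf, bitbuf_read_lsb, decode_fields and ERR_INVALIDDATA are hypothetical names, and the two sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define ERR_INVALIDDATA (-1)    /* stand-in for an AVERROR-style negative code */

/* Hypothetical LSB-first bit buffer; not FFmpeg's StateVars. */
typedef struct BitBuf {
    const uint8_t *data;        /* untrusted input bytes */
    size_t size, pos;           /* input length and next byte to load */
    uint64_t bits;              /* buffered bits, oldest in the low end */
    unsigned bits_left;         /* number of valid bits in 'bits' */
} BitBuf;

/* Constructed sample input. */
static const uint8_t sample[2] = { 0xAB, 0xCD };

/* Read nbits (1..32) from the low end; a short read is an error, not an abort. */
static int bitbuf_read_lsb(BitBuf *b, unsigned nbits, uint32_t *out)
{
    if (nbits == 0 || nbits > 32)
        return ERR_INVALIDDATA;
    while (b->bits_left <= 56 && b->pos < b->size) {
        b->bits |= (uint64_t)b->data[b->pos++] << b->bits_left;
        b->bits_left += 8;
    }
    if (b->bits_left < nbits)   /* input ran out: report it to the caller */
        return ERR_INVALIDDATA;
    *out = (uint32_t)(b->bits & ((UINT64_C(1) << nbits) - 1));
    b->bits >>= nbits;
    b->bits_left -= nbits;
    return 0;
}

/* Caller: read 'count' fields of 'width' bits and propagate the first error. */
static int decode_fields(const uint8_t *data, size_t size, unsigned width,
                         unsigned count, uint32_t *sum)
{
    BitBuf b = { data, size, 0, 0, 0 };
    *sum = 0;
    for (unsigned i = 0; i < count; i++) {
        uint32_t v;
        int ret = bitbuf_read_lsb(&b, width, &v);
        if (ret < 0)
            return ret;         /* clean return on short or invalid input */
        *sum += v;
    }
    return 0;
}
```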
