Date: Mon, 25 Mar 2024 21:04:24 +0100
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Message-ID: <20240325200424.GQ6420@pb2>
References: <20240320025923.3794-1-michael@niedermayer.cc> <092a8cd44e3074e2d0462052e715281c08eb31b9.camel@haerdin.se> <20240320131216.GR6420@pb2> <0e1355913d2f11aa14a712e1ea9a96781c10d290.camel@haerdin.se> <8f924f3320dd21fd5d41872c46566c6003f392bd.camel@haerdin.se> <20240325191313.GO6420@pb2>
In-Reply-To: <20240325191313.GO6420@pb2>
Subject: Re: [FFmpeg-devel] [PATCH 1/4] avcodec/jpeg2000htdec: Check M_b / magp before using it in a shift

On Mon, Mar 25, 2024 at 08:13:13PM +0100, Michael Niedermayer wrote:
> On Thu, Mar 21, 2024 at 04:07:14PM +0100, Tomas Härdin wrote:
> > On Wed 2024-03-20 at 21:35 +0100, Tomas Härdin wrote:
> > > On Wed 2024-03-20 at 14:12 +0100, Michael Niedermayer wrote:
> > > > On Wed, Mar 20, 2024 at 12:20:11PM +0100, Tomas Härdin wrote:
> > > > > On Wed 2024-03-20 at 03:59 +0100, Michael Niedermayer wrote:
> > > > > > Fixes: shift exponent -1 is negative
> > > > > > Fixes: 65378/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_JPEG2000_fuzzer-5457678193197056
> > > > > > 
> > > > > > Found-by: continuous
> > > > > > fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > > > Signed-off-by: Michael Niedermayer
> > > > > > ---
> > > > > >  libavcodec/jpeg2000htdec.c | 3 +++
> > > > > >  1 file changed, 3 insertions(+)
> > > > > > 
> > > > > > diff --git a/libavcodec/jpeg2000htdec.c b/libavcodec/jpeg2000htdec.c
> > > > > > index 6b9898d3ff..0b94bb5da2 100644
> > > > > > --- a/libavcodec/jpeg2000htdec.c
> > > > > > +++ b/libavcodec/jpeg2000htdec.c
> > > > > > @@ -1193,6 +1193,9 @@ ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s, Jpeg2000CodingStyle *c
> > > > > >  
> > > > > >      int32_t M_b = magp;
> > > > > >  
> > > > > > +    if (magp >= 31)
> > > > > > +        return AVERROR_INVALIDDATA;
> > > > > 
> > > > > This isn't where the error is, assuming it even is an error. It's
> > > > > either expn or nguardbits that are wrong, and they should be detected
> > > > > and reported as such in jpeg2000dec.c. Checking this in every call to
> > > > > ff_jpeg2000_decode_htj2k() is wasteful.
> > > > > 
> > > > > nguardbits can be 0..7 and expn can be 0..31. Table A.11 indicates that
> > > > > Ssize can be up to 38 bits, so M_b >= 31 is in fact perfectly valid.
> > > > 
> > > > > A more appropriate error might be AVERROR_PATCHWELCOME.
> > > > 
> > > > indeed, I will change it to AVERROR_PATCHWELCOME
> > > 
> > > Please also move it further up so as to not waste cycles checking it
> > > every time
> > 
> > To be more precise, get_qcx() looks like the proper place for it
> 
> will apply with the check moved there

the values that are causing undefined behavior for htj2k are used in normal j2k
knowing which type of j2k we have seems decided by COC/COD/COX
so I don't think we can check in QCX, because a later COX could make it both invalid or valid
and we cannot check in COX as a later QCX can similarly change it

thx

[...]
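Review bot: the added `if (magp >= 31) return AVERROR_INVALIDDATA;` reports conformant input as corrupt: the thread establishes that Table A.11 allows Ssize up to 38 bits, so M_b >= 31 is valid and the decoder, not the stream, is what cannot handle it. Return AVERROR_PATCHWELCOME as agreed downthread, and put a one-line comment above the test tying the 31 to the int32_t width of M_b so the next reader sees it as an implementation limit rather than a format rule. On placement, the per-call cost Tomas raises is real, but the follow-up explains why neither get_qcx() nor the COX handler can decide it alone (a later COX or QCX marker can flip the result either way); if the check has to stay at this point, a comment saying exactly that would spare the next reviewer the same round trip.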