[FFmpeg-devel] [PATCH 1/4] avcodec/notchlc: Check init_get_bits8() for failure

[FFmpeg-devel] [PATCH 1/4] avcodec/notchlc: Check init_get_bits8() for failure

[Michael Niedermayer]

Fixes: CID1500300 Unchecked return value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/notchlc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/notchlc.c b/libavcodec/notchlc.c
index 6dd3f884407..30427f4ba92 100644
--- a/libavcodec/notchlc.c
+++ b/libavcodec/notchlc.c
@@ -243,7 +243,9 @@ static int decode_blocks(AVCodecContext *avctx, AVFrame *p,
 
         bytestream2_seek(&dgb, s->y_data_offset + row_offset, SEEK_SET);
 
-        init_get_bits8(&bit, dgb.buffer, bytestream2_get_bytes_left(&dgb));
+        ret = init_get_bits8(&bit, dgb.buffer, bytestream2_get_bytes_left(&dgb));
+        if (ret < 0)
+            return ret;
         for (int x = 0; x < avctx->width; x += 4) {
             unsigned item = bytestream2_get_le32(gb);
             unsigned y_min = item & 4095;
-- 
2.43.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 2/4] avcodec/pcm-dvdenc: 64bit pkt-size

[Michael Niedermayer]

It seems nothing prevents such overflow even though odd

Fixes: CID1441934 Unintentional integer overflow

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/pcm-dvdenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/pcm-dvdenc.c b/libavcodec/pcm-dvdenc.c
index 1e7ee644f66..71e9b6915ad 100644
--- a/libavcodec/pcm-dvdenc.c
+++ b/libavcodec/pcm-dvdenc.c
@@ -116,7 +116,7 @@ static int pcm_dvd_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
 {
     PCMDVDContext *s = avctx->priv_data;
     int samples = frame->nb_samples * avctx->ch_layout.nb_channels;
-    int64_t pkt_size = (frame->nb_samples / s->samples_per_block) * s->block_size + 3;
+    int64_t pkt_size = (int64_t)(frame->nb_samples / s->samples_per_block) * s->block_size + 3;
     int blocks = (pkt_size - 3) / s->block_size;
     const int16_t *src16;
     const int32_t *src32;
-- 
2.43.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 3/4] avcodec/proresenc_anatoliy: Assert that AV_PROFILE_UNKNOWN is replaced

[Michael Niedermayer]

If its not replaced we would have a negative index used in an array potentially

Helps: CID1440385 Negative array index read

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/proresenc_anatoliy.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libavcodec/proresenc_anatoliy.c b/libavcodec/proresenc_anatoliy.c
index 2fb96e9cf56..8709f400d04 100644
--- a/libavcodec/proresenc_anatoliy.c
+++ b/libavcodec/proresenc_anatoliy.c
@@ -857,7 +857,8 @@ static av_cold int prores_encode_init(AVCodecContext *avctx)
             avctx->profile = AV_PROFILE_PRORES_4444;
             av_log(avctx, AV_LOG_INFO,
                    "encoding with ProRes 4444+ (ap4h) profile\n");
-        }
+        } else
+            av_assert0(0);
     } else if (avctx->profile < AV_PROFILE_PRORES_PROXY
             || avctx->profile > AV_PROFILE_PRORES_XQ) {
         av_log(
-- 
2.43.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

[FFmpeg-devel] [PATCH 4/4] avcodec/qsvdec: Check av_image_get_buffer_size() for failure

[Michael Niedermayer]

Fixes: CID1477406 Improper use of negative value

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/qsvdec.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavcodec/qsvdec.c b/libavcodec/qsvdec.c
index ed0bfe4c8b8..a51ddace622 100644
--- a/libavcodec/qsvdec.c
+++ b/libavcodec/qsvdec.c
@@ -379,9 +379,12 @@ static int qsv_decode_init_context(AVCodecContext *avctx, QSVContext *q, mfxVide
 
     q->frame_info = param->mfx.FrameInfo;
 
-    if (!avctx->hw_frames_ctx)
-        q->pool = av_buffer_pool_init(av_image_get_buffer_size(avctx->pix_fmt,
-                    FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64), 1), av_buffer_allocz);
+    if (!avctx->hw_frames_ctx) {
+        ret = av_image_get_buffer_size(avctx->pix_fmt, FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64), 1);
+        if (ret < 0)
+            return ret;
+        q->pool = av_buffer_pool_init(ret, av_buffer_allocz);
+    }
     return 0;
 }
 
-- 
2.43.2

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/4] avcodec/qsvdec: Check av_image_get_buffer_size() for failure

[Xiang, Haihao]

On Ma, 2024-05-13 at 03:20 +0200, Michael Niedermayer wrote:
> Fixes: CID1477406 Improper use of negative value
> 
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/qsvdec.c | 9 ++++++---
>  1 file changed, 6 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/qsvdec.c b/libavcodec/qsvdec.c
> index ed0bfe4c8b8..a51ddace622 100644
> --- a/libavcodec/qsvdec.c
> +++ b/libavcodec/qsvdec.c
> @@ -379,9 +379,12 @@ static int qsv_decode_init_context(AVCodecContext *avctx,
> QSVContext *q, mfxVide
>  
>      q->frame_info = param->mfx.FrameInfo;
>  
> -    if (!avctx->hw_frames_ctx)
> -        q->pool = av_buffer_pool_init(av_image_get_buffer_size(avctx-
> >pix_fmt,
> -                    FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64),
> 1), av_buffer_allocz);
> +    if (!avctx->hw_frames_ctx) {
> +        ret = av_image_get_buffer_size(avctx->pix_fmt, FFALIGN(avctx->width,
> 128), FFALIGN(avctx->height, 64), 1);
> +        if (ret < 0)
> +            return ret;
> +        q->pool = av_buffer_pool_init(ret, av_buffer_allocz);
> +    }
>      return 0;
>  }
>  

LGTM, thx

- Haihao




_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 4/4] avcodec/qsvdec: Check av_image_get_buffer_size() for failure

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1560 bytes --]

On Mon, May 13, 2024 at 01:47:36AM +0000, Xiang, Haihao wrote:
> On Ma, 2024-05-13 at 03:20 +0200, Michael Niedermayer wrote:
> > Fixes: CID1477406 Improper use of negative value
> > 
> > Sponsored-by: Sovereign Tech Fund
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/qsvdec.c | 9 ++++++---
> >  1 file changed, 6 insertions(+), 3 deletions(-)
> > 
> > diff --git a/libavcodec/qsvdec.c b/libavcodec/qsvdec.c
> > index ed0bfe4c8b8..a51ddace622 100644
> > --- a/libavcodec/qsvdec.c
> > +++ b/libavcodec/qsvdec.c
> > @@ -379,9 +379,12 @@ static int qsv_decode_init_context(AVCodecContext *avctx,
> > QSVContext *q, mfxVide
> >  
> >      q->frame_info = param->mfx.FrameInfo;
> >  
> > -    if (!avctx->hw_frames_ctx)
> > -        q->pool = av_buffer_pool_init(av_image_get_buffer_size(avctx-
> > >pix_fmt,
> > -                    FFALIGN(avctx->width, 128), FFALIGN(avctx->height, 64),
> > 1), av_buffer_allocz);
> > +    if (!avctx->hw_frames_ctx) {
> > +        ret = av_image_get_buffer_size(avctx->pix_fmt, FFALIGN(avctx->width,
> > 128), FFALIGN(avctx->height, 64), 1);
> > +        if (ret < 0)
> > +            return ret;
> > +        q->pool = av_buffer_pool_init(ret, av_buffer_allocz);
> > +    }
> >      return 0;
> >  }
> >  
> 
> LGTM, thx

will apply

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Elect your leaders based on what they did after the last election, not
based on what they say before an election.


[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH 1/4] avcodec/notchlc: Check init_get_bits8() for failure

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 512 bytes --]

On Mon, May 13, 2024 at 03:20:08AM +0200, Michael Niedermayer wrote:
> Fixes: CID1500300 Unchecked return value
> 
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/notchlc.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)

will apply the remaining patches of this set

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".