From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [RFC] av_rescale() coverity
Date: Wed, 3 Jul 2024 00:27:54 +0200
Message-ID: <20240702222754.GB4991@pb2>
In-Reply-To: <20240701133923.GF4991@pb2>

On Mon, Jul 01, 2024 at 03:39:23PM +0200, Michael Niedermayer wrote:

latest coverity fun:

CID 1604534: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression gain, which is equal to 4294967295, where get_bits1(gb) ? get_bits(gb, 4) - 7U : 4294967295U is known to be equal to 4294967295, overflows the type that receives it, a signed integer 32 bits wide.
371    int gain = get_bits1(gb) ? get_bits(gb, 4) - 7 : -1;

In case you don't see it: storing -1 in an int is an overflow (yes, I see it's an unsigned intermediate, but that doesn't matter, that's normal code and perfectly well defined).

and another one:

CID 1604357: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
overflow_const: Expression state << 8, which is equal to 17179869184, where state is known to be equal to 72057594105036800, overflows the type that receives it, an unsigned integer 64 bits wide.
61    state = (state << 8) | buf[i];

Just to clarify this: there is NOTHING else here, nothing explains why coverity "thinks" this has the value 72057594105036800 before. Of course, either way this doesn't matter and is perfectly fine code.

More fun:

5. known_value_assign: chunk_type = bytestream2_get_le32(&gb), its value is now 0.
361    chunk_type = bytestream2_get_le32(&gb);
6. Condition !chunk_type, taking false branch.
362    if (!chunk_type)
363        break;

do you spot the brilliant logic?

6. known_value_assign: segments = segments, its value is now 4294967295.
CID 1604539: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
7. overflow_const: Expression segments--, which is equal to 4294967295, where segments is known to be equal to 0, underflows the type that receives it, an unsigned integer 32 bits wide.
82    while (segments--) {

my god, the loop reached 0, can you imagine. coverity really is cracking down on unsigned

here's another:

4. function_return: Function bytestream2_get_byte(gbc) returns 0.
CID 1604484: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
5. overflow_const: Expression version_major, which is equal to 4294967295, where bytestream2_get_byte(gbc) - 1U is known to be equal to 4294967295, overflows the type that receives it, a signed integer 32 bits wide.
    version_major = bytestream2_get_byte(gbc) - 1;

ohh my god, storing -1 in a signed integer

these new issues are almost hilarious and entertaining, if they wouldn't cost time to investigate each and close

thx

[...]

--
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Breaking DRM is a little like attempting to break through a door even
though the window is wide open and the only thing in the house is a bunch
of things you don't want and which you would get tomorrow for free anyway
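The four constructs Coverity flagged above are worth seeing in isolation, because the same triage question comes up with every INTEGER_OVERFLOW report: is the arithmetic done in an unsigned type (wraparound is defined by the C standard, C11 6.2.5p9), and does the "overflow" the tool reports actually refer to the conversion into the destination type? The block below is an added example, not FFmpeg code: `read_nibble` stands in for `get_bits(gb, 4)`, the 00 00 01 start code and the sample buffer are constructed for the demonstration, and each pattern is wrapped in a small function so the resulting values can be checked. Storing an out-of-range unsigned value into `int` is implementation-defined before C23 and gives the two's-complement value on every mainstream compiler, which is what the original code relies on.

```c
/* Added example (not FFmpeg code): the four arithmetic patterns Coverity
 * reported as INTEGER_OVERFLOW, each as a stand-alone function. All
 * intermediate arithmetic is unsigned, so wraparound is defined; the only
 * conversion that loses the "large" value is the final store into int,
 * which yields the two's-complement result on current compilers. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for a 4-bit bitstream read (get_bits(gb, 4) returns unsigned). */
static unsigned read_nibble(unsigned raw4)
{
    return raw4 & 0xFu;
}

/* Pattern 1: int gain = flag ? get_bits(gb, 4) - 7 : -1;
 * For nibble < 7 the unsigned subtraction wraps to 0xFFFFFFF9..0xFFFFFFFF,
 * and the conversion to int gives the intended -7..-1. */
int gain_from_bits(int flag, unsigned raw4)
{
    return flag ? (int)(read_nibble(raw4) - 7) : -1;
}

/* Pattern 2: state = (state << 8) | buf[i]; on a uint64_t.
 * Shifting bytes off the top of an unsigned 64-bit value is defined. Here the
 * low 24 bits are matched against a constructed 00 00 01 start code; returns
 * the index just past the start code, or -1 if it does not occur. */
long find_startcode(const uint8_t *buf, size_t n)
{
    uint64_t state = UINT64_MAX; /* all ones: cannot match before 3 bytes are read */
    for (size_t i = 0; i < n; i++) {
        state = (state << 8) | buf[i];
        if ((state & 0xFFFFFF) == 0x000001)
            return (long)i + 1;
    }
    return -1;
}

/* Pattern 3: while (segments--) { ... } on a uint32_t.
 * The post-decrement wraps segments to UINT32_MAX on the final test, after the
 * loop has already decided to stop; the body runs exactly `segments` times. */
uint32_t run_segments(uint32_t segments)
{
    uint32_t executed = 0;
    while (segments--)
        executed++;
    return executed;
}

/* Pattern 4: version_major = bytestream2_get_byte(gbc) - 1; where the byte
 * reader returns unsigned. A zero byte gives 0xFFFFFFFF, stored as -1. */
int version_from_byte(unsigned byte)
{
    return (int)((byte & 0xFFu) - 1);
}

int main(void)
{
    /* Constructed sample: two junk bytes, a start code, then payload. */
    static const uint8_t sample[] = { 0xAB, 0xCD, 0x00, 0x00, 0x01, 0x67, 0x42 };

    printf("gain(flag=1, nibble=6)   = %d\n", gain_from_bits(1, 6));
    printf("start code ends at index = %ld\n", find_startcode(sample, sizeof sample));
    printf("segments run for 3 / 0   = %u / %u\n", run_segments(3), run_segments(0));
    printf("version for byte 0       = %d\n", version_from_byte(0));
    return 0;
}
```

None of these trips `-fsanitize=signed-integer-overflow`, because no signed arithmetic overflows. If you want the unsigned-to-int stores in patterns 1 and 4 surfaced by a tool you control rather than by Coverity, clang's `-fsanitize=implicit-integer-sign-change` reports them at run time, and `-Wsign-conversion` warns at compile time on the original uncast forms; both will also be noisy on exactly the kind of intentional code shown here.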