On Tue, Jul 09, 2024 at 03:28:10PM +0200, Michael Niedermayer wrote:
> On Tue, Jul 09, 2024 at 03:17:58PM +0200, Anton Khirnov wrote:
> > > ensure width and height fit in 32bit
> > 
> > why?
> 
> because not everyone wants undefined behavior
> because not everyone wants security issues
> because we dont support width and height > 32bit and its easier to check in a central place
> because the changed codes purpose is to check if the image paramaters are
>     within what we support, and width of 100 billion is not. You can try
>     all encoders with 100billion width. Then try to decode.
>     Iam curious, how many work, how many fail and how they fail
>     how many invalid bitstreams with no warning, how many undefined behaviors, ...
> 
> Simply building FFmpeg on a platform with 64bit ints doesnt update
> ISO and ITU standards to allow larger values

but theres more :)
if we allow 64bit width and height, every check on the pixel number just
broke because w*(uint64_t)h just doesnt work anymore.
a 64bit int isnt giving us a int128_t. So many checks related to width
and height suddenly become more fragile as theres not a simply larger type

thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus