From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 3323F4BA04
	for <ffmpegdev@gitmailbox.com>; Tue,  9 Jul 2024 13:37:20 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 863A468DC79;
	Tue,  9 Jul 2024 16:37:18 +0300 (EEST)
Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net
 [217.70.183.201])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 6D3F968DC79
 for <ffmpeg-devel@ffmpeg.org>; Tue,  9 Jul 2024 16:37:11 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id CD8CA1BF206
 for <ffmpeg-devel@ffmpeg.org>; Tue,  9 Jul 2024 13:37:10 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1720532231;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=/01H5/5+9u5OlY1q4X0q3c+AHqUufvp9gxiQVBF1v7M=;
 b=pDkxgyTPM014Ldv6jcF0NGp8y4mnvwdHD+unoqF4eBWBnLig2YUqQLFD9+O8b/n6m5yRMh
 s6wd7CtVI/DINeC1D0nEEPwkasD6L6ZC7TD/LOuPgpBGLOcCTPVQjcdaFMJUAbVw88024H
 WFxvVwtYqgx7pVVPPIwBzkkGu5cM1RtBWdxFzWPRqB+QFPk6b1vSNpGJtq5eYc6LtdCbAn
 GiEE5WI/X1qOti4FljqjKPi4JM3Afnft5uVnZ9UHPdNC7bB5uYe47TUGa1Q8hSQFi36A9t
 0701OhRuDF+VFZskYCfY5cIWVTeFBZLAjGvuDhsCnu1fXdgjDpF7FIWxXSqn2A==
Date: Tue, 9 Jul 2024 15:37:10 +0200
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Message-ID: <20240709133710.GB4991@pb2>
References: <20240709113626.1836680-1-michael@niedermayer.cc>
 <172053107806.21847.11044848590089039731@lain.khirnov.net>
 <20240709132810.GA4991@pb2>
MIME-Version: 1.0
In-Reply-To: <20240709132810.GA4991@pb2>
X-GND-Sasl: michael@niedermayer.cc
Subject: Re: [FFmpeg-devel] [PATCH] avutil/imgutils: av_image_check_size2()
 ensure width and height fit in 32bit
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: multipart/mixed; boundary="===============6877687666958787124=="
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/20240709133710.GB4991@pb2/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>


--===============6877687666958787124==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="XqFDY9bHNWRmuMQr"
Content-Disposition: inline


--XqFDY9bHNWRmuMQr
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 09, 2024 at 03:28:10PM +0200, Michael Niedermayer wrote:
> On Tue, Jul 09, 2024 at 03:17:58PM +0200, Anton Khirnov wrote:
> > > ensure width and height fit in 32bit
> >=20
> > why?
>=20
> because not everyone wants undefined behavior
> because not everyone wants security issues
> because we dont support width and height > 32bit and its easier to check =
in a central place
> because the changed codes purpose is to check if the image paramaters are
>     within what we support, and width of 100 billion is not. You can try
>     all encoders with 100billion width. Then try to decode.
>     Iam curious, how many work, how many fail and how they fail
>     how many invalid bitstreams with no warning, how many undefined behav=
iors, ...
>=20
> Simply building FFmpeg on a platform with 64bit ints doesnt update
> ISO and ITU standards to allow larger values

but theres more :)
if we allow 64bit width and height, every check on the pixel number just
broke because w*(uint64_t)h just doesnt work anymore.
a 64bit int isnt giving us a int128_t. So many checks related to width
and height suddenly become more fragile as theres not a simply larger type

thx

[...]

--=20
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus

--XqFDY9bHNWRmuMQr
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZo09BgAKCRBhHseHBAsP
qwyGAJ9PBeD2e+xQC6AnYiBwSXJJZ3E21wCdFWZts32RSXO4Fw95Jtj3lXIeMoc=
=KjhO
-----END PGP SIGNATURE-----

--XqFDY9bHNWRmuMQr--

--===============6877687666958787124==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

--===============6877687666958787124==--