From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 3D0724BA18 for ; Tue, 9 Jul 2024 22:00:43 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 0EB8368DBA3; Wed, 10 Jul 2024 01:00:41 +0300 (EEST) Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 56D0F68D9EA for ; Wed, 10 Jul 2024 01:00:34 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id AD568E0006 for ; Tue, 9 Jul 2024 22:00:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1720562433; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=5ZllqU9SE+1k1URNV7jqmB82AmXD6OzHMSL7JOL6BNQ=; b=UTS9dJkr2cOVPTstmE77xMR8QxNe6nj1YFmi+AoY82v3858Qf9Io/mlyyz4IH35YP7xm6K Z0GxhmUzpATEcplQZh6zStyICke3JfWmwunj5yI6p76l4Kp+kB1fyyo0FqBgWN+f5eo7qh neF7saB6Wtxi/OkZRkcWSH/3hVqKg6fqgpxPYVwb0mW77ArMcNzIpp5qh2i3FPpUm+Y4Gz KcjRkvIWd9uLiiionrSmlYxfzEl8vXeWOuzeu4gPrrU8VhuLXLxJxvhcisDMLHLPoO11Mp B03AkH/ON36oXbkr52ooQCLqfSB824ilWTHLG7QrEDV1EQVo7CBpsFog7dEGXw== Date: Wed, 10 Jul 2024 00:00:32 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20240709220032.GE4991@pb2> References: <20240709113626.1836680-1-michael@niedermayer.cc> <172053107806.21847.11044848590089039731@lain.khirnov.net> <20240709132810.GA4991@pb2> <172053807774.21847.8430412564103918732@lain.khirnov.net> MIME-Version: 1.0 In-Reply-To: <172053807774.21847.8430412564103918732@lain.khirnov.net> X-GND-Sasl: michael@niedermayer.cc Subject: Re: [FFmpeg-devel] [PATCH] avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============4347335566753357521==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============4347335566753357521== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="BhxIwg67zh/LWMpM" Content-Disposition: inline --BhxIwg67zh/LWMpM Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jul 09, 2024 at 05:14:37PM +0200, Anton Khirnov wrote: > Quoting Michael Niedermayer (2024-07-09 15:28:10) > > On Tue, Jul 09, 2024 at 03:17:58PM +0200, Anton Khirnov wrote: > > > > ensure width and height fit in 32bit > > >=20 > > > why? > >=20 > > because not everyone wants undefined behavior > > because not everyone wants security issues > > because we dont support width and height > 32bit and its easier to chec= k in a central place > > because the changed codes purpose is to check if the image paramaters a= re > > within what we support, and width of 100 billion is not. You can try > > all encoders with 100billion width. Then try to decode. > > Iam curious, how many work, how many fail and how they fail > > how many invalid bitstreams with no warning, how many undefined beh= aviors, ... > >=20 > > Simply building FFmpeg on a platform with 64bit ints doesnt update > > ISO and ITU standards to allow larger values >=20 > Quoting Michael Niedermayer (2020-10-07 16:45:56): > > At least in code i wrote and write i consider it a bug if it would > > assume sizeof(int/unsigned) =3D=3D 4 >=20 > Make up your mind. Where do you see a contradiction ? 2020: assuming sizeof(int/unsigned) =3D=3D 4 is a bug 2024: we do not support more than 32bit width and height, nor is that supported by the majority of codec bitsterams and formats -> We thus should in a central place check that instead of generating undefined behavior and security issues What i suggest IS actually fixing a "sizeof(int/unsigned) =3D=3D 4" bug If someone wants to make the codebase work with 64bit width and height, this should not be limited to "int is 64bit" systems that would be a very seriou= sly broken design and also very illogic. Also your terse replies feel a bit rude thx [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB No great genius has ever existed without some touch of madness. -- Aristotle --BhxIwg67zh/LWMpM Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZo2y/QAKCRBhHseHBAsP qz5rAJ9PbP1in2Vab/jpWSxJrWmkmIhTfgCeIBcH0pycd9oSVdQ56qxou/5xRWA= =/t4B -----END PGP SIGNATURE----- --BhxIwg67zh/LWMpM-- --===============4347335566753357521== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============4347335566753357521==--