From: Andreas Rheinhardt
Date: Thu, 13 Jan 2022 14:59:49 +0100
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 01/35] lavu/fifo: disallow overly large fifo sizes
In-Reply-To: <20220111204610.14262-1-anton@khirnov.net>

Anton Khirnov:
> The API currently allows creating FIFOs up to
> - UINT_MAX: av_fifo_alloc(), av_fifo_realloc(), av_fifo_grow()
> - SIZE_MAX: av_fifo_alloc_array()
> However the usable limit is determined by
> - rndx/wndx being uint32_t
> - av_fifo_[size,space] returning int
> so no FIFO should be larger than the smallest of
> - INT_MAX
> - UINT32_MAX
> - SIZE_MAX
> (which should be INT_MAX on all commonly used platforms).
> Return an error on trying to allocate FIFOs larger than this limit. > --- > libavutil/fifo.c | 14 +++++++++++++- > 1 file changed, 13 insertions(+), 1 deletion(-) > > diff --git a/libavutil/fifo.c b/libavutil/fifo.c > index d741bdd395..f2f046b1f3 100644 > --- a/libavutil/fifo.c > +++ b/libavutil/fifo.c > @@ -20,14 +20,23 @@ > * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA > */ > > +#include > + > #include "avassert.h" > #include "common.h" > #include "fifo.h" > > +#define FIFO_SIZE_MAX FFMIN3((uint64_t)INT_MAX, (uint64_t)UINT32_MAX, (uint64_t)SIZE_MAX) Aren't these casts unnecessary? And actually dangerous? (They add the implicit requirement that INT_MAX and SIZE_MAX fit into an uint64_t.) > + > AVFifoBuffer *av_fifo_alloc_array(size_t nmemb, size_t size) > { > AVFifoBuffer *f; > - void *buffer = av_realloc_array(NULL, nmemb, size); > + void *buffer; > + > + if (nmemb > FIFO_SIZE_MAX / size) > + return NULL; > + > + buffer = av_realloc_array(NULL, nmemb, size); > if (!buffer) > return NULL; > f = av_mallocz(sizeof(AVFifoBuffer)); > @@ -82,6 +91,9 @@ int av_fifo_realloc2(AVFifoBuffer *f, unsigned int new_size) > { > unsigned int old_size = f->end - f->buffer; > > + if (new_size > FIFO_SIZE_MAX) > + return AVERROR(EINVAL); > + > if (old_size < new_size) { > size_t offset_r = f->rptr - f->buffer; > size_t offset_w = f->wptr - f->buffer; >
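
Review bot: in the first hunk, `nmemb > FIFO_SIZE_MAX / size` in av_fifo_alloc_array() divides by `size` with no check that it is non-zero, so a call with size == 0 reaches a division by zero before av_realloc_array() is called. Suggest rejecting a zero element size in the same condition, for example `if (!size || nmemb > FIFO_SIZE_MAX / size)`, or stating in the function's documentation that size must be non-zero.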
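
Review bot: in the av_fifo_realloc2() hunk, `return AVERROR(EINVAL)` for new_size > FIFO_SIZE_MAX is a new failure condition, and the diffstat shows only libavutil/fifo.c is touched, so nothing in this patch documents the limit or the new return value. Suggest adding a sentence on the maximum size and the EINVAL return to the documentation of the affected functions. av_fifo_alloc_array() reports the same condition as NULL, which a caller cannot tell apart from an allocation failure, and that is worth stating there as well.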
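
The limit argued for in the commit message, as an added C example that is not part of the patch or of FFmpeg: it computes the smallest of INT_MAX, UINT32_MAX and SIZE_MAX without 64-bit casts, checks an element count against it without overflowing, and shows what an int-returning size query reports once the fill level passes INT_MAX. All `example_*` names are hypothetical, rejecting size == 0 is an assumption of this example, and the negative result relies on the wrapping unsigned-to-int conversion that gcc and clang implement.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Smallest of INT_MAX, UINT32_MAX and SIZE_MAX. All three are positive, so
 * comparing them in size_t needs no widening cast to a fixed 64-bit type. */
static size_t example_fifo_size_max(void)
{
    size_t lim = SIZE_MAX;
    if (lim > INT_MAX)
        lim = INT_MAX;
    if (lim > UINT32_MAX)
        lim = UINT32_MAX;
    return lim;
}

/* 1 if nmemb elements of `size` bytes stay within the limit, else 0.
 * Dividing instead of multiplying avoids overflow in nmemb * size;
 * size == 0 is rejected first (assumption of this example). */
static int example_fifo_size_ok(size_t nmemb, size_t size)
{
    if (size == 0)
        return 0;
    return nmemb <= example_fifo_size_max() / size;
}

/* Fill level as an int-returning query would report it when the write and
 * read indices are uint32_t, as the commit message describes. */
static int example_reported_size(uint32_t wndx, uint32_t rndx)
{
    /* The conversion to int is implementation-defined above INT_MAX. */
    return (int)(uint32_t)(wndx - rndx);
}

int main(void)
{
    printf("limit: %zu\n", example_fifo_size_max());
    printf("INT_MAX bytes ok: %d\n", example_fifo_size_ok(INT_MAX, 1));
    printf("INT_MAX + 1 bytes ok: %d\n",
           example_fifo_size_ok((size_t)INT_MAX + 1, 1));
    printf("reported for 2^31 bytes: %d\n",
           example_reported_size(0x80000000u, 0));
    return 0;
}
```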