From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 24 Jan 2022 15:45:47 +0100
Subject: [FFmpeg-devel] [PATCH v2 02/31] lavu/fifo: disallow overly large fifo sizes
Cc: Anton Khirnov

From: Anton Khirnov

The API currently allows creating FIFOs up to
- UINT_MAX: av_fifo_alloc(), av_fifo_realloc(), av_fifo_grow()
- SIZE_MAX: av_fifo_alloc_array()
However the usable limit is determined by
- rndx/wndx being uint32_t
- av_fifo_[size,space] returning int
so no FIFO should be larger than the smallest of
- INT_MAX
- UINT32_MAX
- SIZE_MAX
(which should be INT_MAX on all commonly used platforms).
Return an error on trying to allocate FIFOs larger than this limit.
--- libavutil/fifo.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavutil/fifo.c b/libavutil/fifo.c index e1f2175530..55621f0dca 100644 --- a/libavutil/fifo.c 
+++ b/libavutil/fifo.c @@ -20,14 +20,23 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include + #include "avassert.h" #include "common.h" #include "fifo.h" +#define OLD_FIFO_SIZE_MAX (size_t)FFMIN3(INT_MAX, UINT32_MAX, SIZE_MAX) + AVFifoBuffer *av_fifo_alloc_array(size_t nmemb, size_t size) { AVFifoBuffer *f; - void *buffer = av_realloc_array(NULL, nmemb, size); + void *buffer; + + if (nmemb > OLD_FIFO_SIZE_MAX / size) + return NULL; + + buffer = av_realloc_array(NULL, nmemb, size); if (!buffer) return NULL; f = av_mallocz(sizeof(AVFifoBuffer)); @@ -82,6 +91,9 @@ int av_fifo_realloc2(AVFifoBuffer *f, unsigned int new_size) { unsigned int old_size = f->end - f->buffer; + if (new_size > OLD_FIFO_SIZE_MAX) + return AVERROR(EINVAL); + if (old_size < new_size) { size_t offset_r = f->rptr - f->buffer; size_t offset_w = f->wptr - f->buffer; -- 2.32.0 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
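Review bot: In the first hunk (av_fifo_alloc_array), the new guard `nmemb > OLD_FIFO_SIZE_MAX / size` divides by `size` with no check that it is non-zero, so a call with size == 0 hits a division by zero before av_realloc_array() is ever reached. Test it first, for example `if (!size || nmemb > OLD_FIFO_SIZE_MAX / size) return NULL;`, or state which result a zero element size is meant to give. The OLD_FIFO_SIZE_MAX definition also expands to an unparenthesized cast expression; it binds correctly in both uses here, but wrapping the whole expansion in parentheses would keep it safe for later uses.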
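Review bot: In the second hunk (av_fifo_realloc2), the test `new_size > OLD_FIFO_SIZE_MAX` only sees the value after it has been passed as `unsigned int new_size`, so a size that a caller computed with wrapping unsigned arithmetic arrives small and is accepted. The commit message names av_fifo_grow() as one of the affected entry points but no hunk touches it; please confirm that its size computation is overflow-checked before it gets here. The new limit and the AVERROR(EINVAL) return should also be stated in the API documentation in fifo.h, since callers that previously got a successful no-op or an allocation failure now get a different error.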