From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 9F5CA4426C for ; Sat, 3 Sep 2022 21:10:36 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 8DB6568BA0E; Sun, 4 Sep 2022 00:10:34 +0300 (EEST) Received: from mail-yw1-f179.google.com (mail-yw1-f179.google.com [209.85.128.179]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id D734068B9B3 for ; Sun, 4 Sep 2022 00:10:27 +0300 (EEST) Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-333a4a5d495so42974427b3.10 for ; Sat, 03 Sep 2022 14:10:27 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date; bh=9TxWsDIs8TBhEy/rltl2iAQeUzjjeErzyNOeoiUgORQ=; b=YDe8TAPlbHsmL+9pyHjb4mCP1lFI6de118RNb8OPhiEci/ySMD4qPRDJ/x2dNxY/L6 DNIQra//MPC4xYlyZv3LjP6jzY+p7z/Yz6xCtH8lVR5G4zaX8A+92Fo/E+c132u5umlb bGn0bxD4yClbhpz85bqa0KSkal+DlJ174ZbzPLh8+SYS8nGhuKMnXKHT6Qo+SAdBJzvg L88CAchGQLp+tI1prC9bsCKF8+9Scckd8EhWT8zXyrUJGbzBvmTzf//VB+4amxRLpbkK 3dCpkCffWeVV8li9FSPbpPuh8kxiJPiCi5Gs77zLEd9pBF0WBu6qeFt+oLKLC6VmZLLS BERA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date; bh=9TxWsDIs8TBhEy/rltl2iAQeUzjjeErzyNOeoiUgORQ=; b=NfgppsWxnd9xp4F+UlxHeMbMqzsmtfTay4uLbkLQQ5/7qo9xs5pLpGHI/I/p/kzyAY eIG2GDCSkr50RCCDV5H2kM980ZXKDLKxNuTQqVOJH/6JZTL2WMAlfdMJucbIEQg3Ox7A GPCxvG+jXjI2sbeaFpWyJ0YZMIpyiMxmevJZ6qLDONQMZgNgprLsaCw885iLqDuf6sSC XzutiSX6nQjoCGnP1NY06JUqL/4AXzb2/yyDj/nkp/NBczYVnj1gm7VpqGiuThM5u+fs pWh9N9of9vu4fLZgYR4tY1xj5/oUn2KSaAVaxWCf1gst2dG5qoidRDlTv6pfJNkggjwQ sqSw== X-Gm-Message-State: ACgBeo0T0s76tuB1bHhIfa5tEazeFO1i4ScItP7UJ3+Wiyz7jNztzB9g W3mz7OORRXhrK1kU2INT8eTXOInoRy+q4OfitSrN6aZb X-Google-Smtp-Source: AA6agR5gfxAmvQHWfvWFOl0FR0dMCFHctAYH8mEs99SlFK8I/clHPJUdwgBMsCR52GJpBQ28szYxz9v/szob5LXG/8M= X-Received: by 2002:a0d:c283:0:b0:335:7a81:f61e with SMTP id e125-20020a0dc283000000b003357a81f61emr32461777ywd.220.1662239426427; Sat, 03 Sep 2022 14:10:26 -0700 (PDT) MIME-Version: 1.0 References: <166210225946.3205.13102915136711192823@lain.khirnov.net> In-Reply-To: <166210225946.3205.13102915136711192823@lain.khirnov.net> From: Carl Eugen Hoyos Date: Sat, 3 Sep 2022 23:03:45 +0200 Message-ID: To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="0000000000008b55c805e7cc46ca" Subject: Re: [FFmpeg-devel] [PATCH]lavfi/rotate: Fix undefined behaviour X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --0000000000008b55c805e7cc46ca Content-Type: text/plain; charset="UTF-8" Am Fr., 2. Sept. 2022 um 09:04 Uhr schrieb Anton Khirnov : > > Quoting Carl Eugen Hoyos (2022-09-01 21:28:08) > > Hi! > > > > Attached patch fixes ticket #9799. > > > > Please comment, Carl Eugen > > > > From 2cce687961c3b56a92d88184269bf9fa075ae297 Mon Sep 17 00:00:00 2001 > > From: Carl Eugen Hoyos > > Date: Thu, 1 Sep 2022 20:55:54 +0200 > > Subject: [PATCH] lavfi/rotate: Avoid undefined behaviour. > > > > Fixes the following integer overflows: > > libavfilter/vf_rotate.c:273:13: runtime error: signed integer overflow: 92951468 + 2058533568 cannot be represented in type 'int' > > libavfilter/vf_rotate.c:273:37: runtime error: signed integer overflow: 39684 * 54149 cannot be represented in type 'int' > > libavfilter/vf_rotate.c:272:13: runtime error: signed integer overflow: 247587320 + 1900985032 cannot be represented in type 'int' > > libavfilter/vf_rotate.c:272:37: runtime error: signed integer overflow: 42584 * 50430 cannot be represented in type 'int' > > libavfilter/vf_rotate.c:272:50: runtime error: signed integer overflow: 65083 * 52912 cannot be represented in type 'int' > > libavfilter/vf_rotate.c:273:50: runtime error: signed integer overflow: 65286 * 38044 cannot be represented in type 'int' > > > > Fixes ticket #9799, different output with different compilers. > > --- > > libavfilter/vf_rotate.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/libavfilter/vf_rotate.c b/libavfilter/vf_rotate.c > > index 4429e3d543..d319dfe3d9 100644 > > --- a/libavfilter/vf_rotate.c > > +++ b/libavfilter/vf_rotate.c > > @@ -269,8 +269,8 @@ static uint8_t *interpolate_bilinear16(uint8_t *dst_color, > > int s01 = AV_RL16(&src[src_linestep * int_x1 + i + src_linesize * int_y ]); > > int s10 = AV_RL16(&src[src_linestep * int_x + i + src_linesize * int_y1]); > > int s11 = AV_RL16(&src[src_linestep * int_x1 + i + src_linesize * int_y1]); > > - int s0 = (((1<<16) - frac_x)*s00 + frac_x*s01); > > - int s1 = (((1<<16) - frac_x)*s10 + frac_x*s11); > > + int64_t s0 = (((int64_t)(1<<16) - frac_x)*s00 + (int64_t)frac_x*s01); > > + int64_t s1 = (((int64_t)(1<<16) - frac_x)*s10 + (int64_t)frac_x*s11); > > Given that the same casts also appear in the AV_WL16 below, it seems > better to just change the types of frac_x/frac_y. Definitely, new patch attached. > Also, shouldn't the same change be done also to interpolate_bilinear8? I was unable to reproduce with 8-bit input. Thank you, Carl Eugen --0000000000008b55c805e7cc46ca Content-Type: text/plain; charset="US-ASCII"; name="0001-lavfi-rotate-Avoid-undefined-behaviour.patch.txt" Content-Disposition: attachment; filename="0001-lavfi-rotate-Avoid-undefined-behaviour.patch.txt" Content-Transfer-Encoding: base64 Content-ID: X-Attachment-Id: f_l7me6w140 RnJvbSAwNjJiOGEzYTIwMmY3MjEyNWZhMDU1ODJjMmEzYzBhYmM4MzA1ODg3IE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBDYXJsIEV1Z2VuIEhveW9zIDxjZWZmbXBlZ0BnbWFpbC5jb20+ CkRhdGU6IFNhdCwgMyBTZXAgMjAyMiAyMjo1MDoxOSArMDIwMApTdWJqZWN0OiBbUEFUQ0hdIGxh dmZpL3JvdGF0ZTogQXZvaWQgdW5kZWZpbmVkIGJlaGF2aW91ci4KCkZpeGVzIHRoZSBmb2xsb3dp bmcgaW50ZWdlciBvdmVyZmxvd3M6CmxpYmF2ZmlsdGVyL3ZmX3JvdGF0ZS5jOjI3MzoxMzogcnVu dGltZSBlcnJvcjogc2lnbmVkIGludGVnZXIgb3ZlcmZsb3c6IDkyOTUxNDY4ICsgMjA1ODUzMzU2 OCBjYW5ub3QgYmUgcmVwcmVzZW50ZWQgaW4gdHlwZSAnaW50JwpsaWJhdmZpbHRlci92Zl9yb3Rh dGUuYzoyNzM6Mzc6IHJ1bnRpbWUgZXJyb3I6IHNpZ25lZCBpbnRlZ2VyIG92ZXJmbG93OiAzOTY4 NCAqIDU0MTQ5IGNhbm5vdCBiZSByZXByZXNlbnRlZCBpbiB0eXBlICdpbnQnCmxpYmF2ZmlsdGVy L3ZmX3JvdGF0ZS5jOjI3MjoxMzogcnVudGltZSBlcnJvcjogc2lnbmVkIGludGVnZXIgb3ZlcmZs b3c6IDI0NzU4NzMyMCArIDE5MDA5ODUwMzIgY2Fubm90IGJlIHJlcHJlc2VudGVkIGluIHR5cGUg J2ludCcKbGliYXZmaWx0ZXIvdmZfcm90YXRlLmM6MjcyOjM3OiBydW50aW1lIGVycm9yOiBzaWdu ZWQgaW50ZWdlciBvdmVyZmxvdzogNDI1ODQgKiA1MDQzMCBjYW5ub3QgYmUgcmVwcmVzZW50ZWQg aW4gdHlwZSAnaW50JwpsaWJhdmZpbHRlci92Zl9yb3RhdGUuYzoyNzI6NTA6IHJ1bnRpbWUgZXJy b3I6IHNpZ25lZCBpbnRlZ2VyIG92ZXJmbG93OiA2NTA4MyAqIDUyOTEyIGNhbm5vdCBiZSByZXBy ZXNlbnRlZCBpbiB0eXBlICdpbnQnCmxpYmF2ZmlsdGVyL3ZmX3JvdGF0ZS5jOjI3Mzo1MDogcnVu dGltZSBlcnJvcjogc2lnbmVkIGludGVnZXIgb3ZlcmZsb3c6IDY1Mjg2ICogMzgwNDQgY2Fubm90 IGJlIHJlcHJlc2VudGVkIGluIHR5cGUgJ2ludCcKCkZpeGVzIHRpY2tldCAjOTc5OSwgZGlmZmVy ZW50IG91dHB1dCB3aXRoIGRpZmZlcmVudCBjb21waWxlcnMuCi0tLQogbGliYXZmaWx0ZXIvdmZf cm90YXRlLmMgfCAxMCArKysrKy0tLS0tCiAxIGZpbGUgY2hhbmdlZCwgNSBpbnNlcnRpb25zKCsp LCA1IGRlbGV0aW9ucygtKQoKZGlmZiAtLWdpdCBhL2xpYmF2ZmlsdGVyL3ZmX3JvdGF0ZS5jIGIv bGliYXZmaWx0ZXIvdmZfcm90YXRlLmMKaW5kZXggNDQyOWUzZDU0My4uOTZjMjUwYTQ1OSAxMDA2 NDQKLS0tIGEvbGliYXZmaWx0ZXIvdmZfcm90YXRlLmMKKysrIGIvbGliYXZmaWx0ZXIvdmZfcm90 YXRlLmMKQEAgLTI1OCw4ICsyNTgsOCBAQCBzdGF0aWMgdWludDhfdCAqaW50ZXJwb2xhdGVfYmls aW5lYXIxNih1aW50OF90ICpkc3RfY29sb3IsCiB7CiAgICAgaW50IGludF94ID0gYXZfY2xpcCh4 Pj4xNiwgMCwgbWF4X3gpOwogICAgIGludCBpbnRfeSA9IGF2X2NsaXAoeT4+MTYsIDAsIG1heF95 KTsKLSAgICBpbnQgZnJhY194ID0geCYweEZGRkY7Ci0gICAgaW50IGZyYWNfeSA9IHkmMHhGRkZG OworICAgIGludDY0X3QgZnJhY194ID0geCYweEZGRkY7CisgICAgaW50NjRfdCBmcmFjX3kgPSB5 JjB4RkZGRjsKICAgICBpbnQgaTsKICAgICBpbnQgaW50X3gxID0gRkZNSU4oaW50X3grMSwgbWF4 X3gpOwogICAgIGludCBpbnRfeTEgPSBGRk1JTihpbnRfeSsxLCBtYXhfeSk7CkBAIC0yNjksMTAg KzI2OSwxMCBAQCBzdGF0aWMgdWludDhfdCAqaW50ZXJwb2xhdGVfYmlsaW5lYXIxNih1aW50OF90 ICpkc3RfY29sb3IsCiAgICAgICAgIGludCBzMDEgPSBBVl9STDE2KCZzcmNbc3JjX2xpbmVzdGVw ICogaW50X3gxICsgaSArIHNyY19saW5lc2l6ZSAqIGludF95IF0pOwogICAgICAgICBpbnQgczEw ID0gQVZfUkwxNigmc3JjW3NyY19saW5lc3RlcCAqIGludF94ICArIGkgKyBzcmNfbGluZXNpemUg KiBpbnRfeTFdKTsKICAgICAgICAgaW50IHMxMSA9IEFWX1JMMTYoJnNyY1tzcmNfbGluZXN0ZXAg KiBpbnRfeDEgKyBpICsgc3JjX2xpbmVzaXplICogaW50X3kxXSk7Ci0gICAgICAgIGludCBzMCA9 ICgoKDE8PDE2KSAtIGZyYWNfeCkqczAwICsgZnJhY194KnMwMSk7Ci0gICAgICAgIGludCBzMSA9 ICgoKDE8PDE2KSAtIGZyYWNfeCkqczEwICsgZnJhY194KnMxMSk7CisgICAgICAgIGludDY0X3Qg czAgPSAoKCgxPDwxNikgLSBmcmFjX3gpKnMwMCArIGZyYWNfeCpzMDEpOworICAgICAgICBpbnQ2 NF90IHMxID0gKCgoMTw8MTYpIC0gZnJhY194KSpzMTAgKyBmcmFjX3gqczExKTsKIAotICAgICAg ICBBVl9XTDE2KCZkc3RfY29sb3JbaV0sICgoaW50NjRfdCkoKDE8PDE2KSAtIGZyYWNfeSkqczAg KyAoaW50NjRfdClmcmFjX3kqczEpID4+IDMyKTsKKyAgICAgICAgQVZfV0wxNigmZHN0X2NvbG9y W2ldLCAoKCgxPDwxNikgLSBmcmFjX3kpKnMwICsgZnJhY195KnMxKSA+PiAzMik7CiAgICAgfQog CiAgICAgcmV0dXJuIGRzdF9jb2xvcjsKLS0gCjIuMTcuMQoK --0000000000008b55c805e7cc46ca Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --0000000000008b55c805e7cc46ca--