From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 3EA2F496E4 for ; Tue, 19 Mar 2024 06:39:37 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C76E368D316; Tue, 19 Mar 2024 08:39:34 +0200 (EET) Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.17]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C397A68D272 for ; Tue, 19 Mar 2024 08:39:27 +0200 (EET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1710830374; x=1742366374; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=jsemoEa3/oEJ2OaUvQ3ouaVzXxRdtP46nGZQ8JIryFc=; b=RdC1yKmVvHbMEKpDaXfLxvH00QCNSGDzUxi0Vuc1W6GJjejZmIAIC7/Q zo6HOT5fq+AfcfwvV6e+z5JNRakS84VSigWMDs6Ov8VWfozxAxvrvIo1y Lo2W9cjgQ4zVKr3OXPpKPyuaxcRmkH0ehEjSF2QhY3AEuFrOamAI4VQo+ DIFVnQvy7gTHT+O/siORf5awHLwt+d4Y6bMAF6zSwFm6cGwUgZp8Wqdm1 /ouWQU8aaWdENbVv9xOFwp1COkibiEWbMunkxaZo5fdPxfvOT8QMMpKI4 sQ5R8TrwAr3bPxsH8z9wtSqkHgeHxTD9DNYAi+RyTt73XNMkbNYkZ2OJh Q==; X-IronPort-AV: E=McAfee;i="6600,9927,11017"; a="5799894" X-IronPort-AV: E=Sophos;i="6.07,136,1708416000"; d="scan'208";a="5799894" Received: from orviesa006.jf.intel.com ([10.64.159.146]) by orvoesa109.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2024 23:39:21 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,136,1708416000"; d="scan'208";a="14093384" Received: from fmsmsx603.amr.corp.intel.com ([10.18.126.83]) by orviesa006.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 18 Mar 2024 23:39:21 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx603.amr.corp.intel.com (10.18.126.83) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 18 Mar 2024 23:39:19 -0700 Received: from FMSEDG603.ED.cps.intel.com (10.1.192.133) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35 via Frontend Transport; Mon, 18 Mar 2024 23:39:19 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.168) by edgegateway.intel.com (192.55.55.68) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.35; Mon, 18 Mar 2024 23:39:18 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=hqOoRNZNiNhw8dQnX2LCcTYVk1YdGHOH+5JQH92v71g1zEjMOKxLQdq7bch94FEM82GEAh1o/xfHvS3EFcHGxUb6QnjoOw4Nw8TZblLdsvRRG0q4F+3hoNVKFsTmZCSGqp4xgOkJiUMU9HD9FfKXJxiBdnTXIs5wEYHOj2lC3swUgi5ovyVQryhORIQlyhZX8Ato/mv4/g0xrX+6er6ZskusN4nFDxO+kQfi2Ydrb5i/GhpqfvGw5JwSxBXqUpvHEuWev+Sh7Qf4qpRy2qCROZS5zvSttLVoSNX+3IwqoM3ft5MmLMCU9RiHU5k5emwgtz+Olxk0LKlCsF7iNVumug== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iENQeWWvyzWY55UOeIKqRw4SM/OHBQ5p8IVTtXszuoc=; b=dYR1d91LUBR9ggLnj5of0Z97TUUnNBnvADFh7HP2U6/NoCApXT57w+wFbc77gZBv8Ss3Hs0jlwIRNYqnDQS0q+97JGa082HQl9bHLcNJveTWv3DsRa6i77ML/DK4ymtQCRvdFqQ5CHFvuEQXS2Pmi0UtsAik+IKtJAoVcQ8J4qeT6agvN3sPLbBzbay3vxrTm5KwflIuTbKIbjJ6uloMWMJKNz/zGthtr9unNuR7s2AZwUcJrbqS+w6btH9VwOyYRypdz1TutcuIV44pdYbe8MbZwNymXBnSA17JD9Zv30bXQ5eGUQZ1FMbieQJaQQW6qoh2akSYmsI1iGlsWNk8fw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from CH3PR11MB7937.namprd11.prod.outlook.com (2603:10b6:610:12c::15) by SA1PR11MB6661.namprd11.prod.outlook.com (2603:10b6:806:255::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7409.11; Tue, 19 Mar 2024 06:39:16 +0000 Received: from CH3PR11MB7937.namprd11.prod.outlook.com ([fe80::f1a:a315:bd44:113d]) by CH3PR11MB7937.namprd11.prod.outlook.com ([fe80::f1a:a315:bd44:113d%5]) with mapi id 15.20.7409.010; Tue, 19 Mar 2024 06:39:16 +0000 From: "Dai, Jianhui J" To: FFmpeg development discussions and patches Thread-Topic: [FFmpeg-devel] [PATCH v1] avcodec/cbs_vp8: Improve the bitstream position check Thread-Index: AdpPI2nmVPdD6Fl2TZKSQ05lzo+fBAqBORkAACfxjxA= Date: Tue, 19 Mar 2024 06:39:15 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-traffictypediagnostic: CH3PR11MB7937:EE_|SA1PR11MB6661:EE_ x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Tib/aHyEu2w12cyOZmjxgJ3nTGM9gLa2CgOFnlpdEV1u21e55aWNf6lP2PgbHALx12xAzFwAuz/t4qvZxe7v1ZmyGO6aBEurX7iFEAAloul+RoE6Pq1V0L9fGTAXVp3lobmBLKoUZmVDMK7ImIM9hxjmDo9wXox8B5yicAWwwTiQuXbzaTc8OBMYjiMdP3tRaDkOUV+C9aVJLd3V0Vj3rc1udqJGz2y2CZslnsj0c1Eni8d0OtYyP3aBSMi4ztvxZDox6h0lCdDmKtTouPGY6SwehMZpnQ/DQXaDyd5fM6sarrMywyOVarMH510REJkq3MPdWXxq5mpL1dcXzvQQ4ipT+gF462or7TzKFQzPrsj+MDLi2GnvI1tOCWCK024/38N39vRvKBwQWzNhJ/B8L6mXOk0U+pXh2etXmjC1XrqDKQ9iQPnAwsAaeFOCPXJ0IxhKYhR4NCIs9SDKDht3dMohKsqZuHpVv4/BNutiSZHuRFNywSzKP7gR7h7cs/eHcNis2Lf8t/a0TA5hQm3hm2gDqi/ogHCDFiyPVqisPjbFoqJOp453m8YsZuELpp+Mt87uhrYNM4tIF3AlZUkZCnC6hL3opmSKm5L8ZyNQ36A= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH3PR11MB7937.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(1800799015)(376005)(366007); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?HqjdkGDD9f3AOQ41uiWzXGDrXIekXfqgHb5EMUWV2W9xU4jQaFbVxLwrXxJw?= =?us-ascii?Q?V6g47VEi0z4hxW6iKP809yRjlMlmvpndV4OHrK0wA6iFxAjuFYNVaucWGpXu?= =?us-ascii?Q?R1VQxqI4XLKKDnt4oOHFiPSU7twt1PpNlYSlfwHaZBeOoaUk3DBY02w6AxQ5?= =?us-ascii?Q?jLPJ1RIwAbmIjYSYw4kFlP//qfry0XuO8ljvu8Eji7MB/NVMIqmTe0JWsiKj?= =?us-ascii?Q?kzziflMgsIImjutri5CKMgKUmaGehJXhAzTYbtcRgAelhi8tRjzRqbHg+7gU?= =?us-ascii?Q?+uWtR/TiXVQp78mYrYA7iGB94XL2jEEhsGYlcJh2Fpeg+XQSd+qo5+lMoZiw?= =?us-ascii?Q?/B3lKMBlwgzsfkTN7F5p/zJytDWPIkKAYEui94jz95LXLf5I2zJmUgB3QAFM?= =?us-ascii?Q?v60wBRtWaco5uyI5NX6jyAvodzdXq6TuZGa6RkmtYGgqNJPQzCD8vurVI8j7?= =?us-ascii?Q?XSI41DZAYrQCkX+pE7zuVEaSfj24KC5XXJWIFA2viSvabDAUdRdC2zAZzp9h?= =?us-ascii?Q?f+SDLJMj5jpDJD26q3eSVIGtnWNIsOqirxyI6VoEDlj1A5c9k8jVVuKE9qib?= =?us-ascii?Q?vTCQVD5xxAcMmmQBV+/RDDFLV0xKlT9jOyRvdkUrhX9n8tV5ZZCFHmbNPOiF?= =?us-ascii?Q?r8Jzw4kw/Hw5Eq3hTf7VbGH64U3l0PawNAfBUk5XUQ5yorn+WnfIS3Ar91b4?= =?us-ascii?Q?PaJlysdJyoEAUXjm3xZMVGgnWZVAABMp7EAcn6KRmwmiczEDeFC0CDyVFmkh?= =?us-ascii?Q?+kQagXFy4/UJxj2jEJhabcYKWRdWeG15fKZq1Re1FXtxRE1KVsAvR9TZ9HlD?= =?us-ascii?Q?mOltZhWekdWCpIb990e+0ulRpJX92yUciwYbwUAnJLzozJDcYWIMIM8/0ihi?= =?us-ascii?Q?UbofzBUoV0yx2ILsI6ARuMjbWkYZ/lyt0i4GqAdwsYIVMhJXBJvD2mB2YKYd?= =?us-ascii?Q?S3Ud0hCfv9WwYWjFkVu5zLyVYWQFJ8Zy7dqfWs063wJkbWHIsLcb9g38YsOr?= =?us-ascii?Q?idLWchGnYHVotXfEhZDzCl2WxE9Jr3b3Ai7LPX9EVnPZe/thhxqkLnqUzxvz?= =?us-ascii?Q?BAHnaIFQFd/5O//KRVVIhfKLQiZEQyIVvhEFNlycgwGf0UsSP7xTVxW6z2fk?= =?us-ascii?Q?cSzpA9L01ir7e6T3tHEPFKD6I8KWOazD60dTF6e2YKH2ZlRe4+emnYcoL4x8?= =?us-ascii?Q?2/K5oywBbBR6jOp545KLbeuvu4u2iJxVQCaTKzOQZvQModoT2Q+4PnT3X4Im?= =?us-ascii?Q?78XSIWy+BskYytXj1r2SVlltfCek7GJMzd3z/m9SKu8uetlfeqoDd+aiMe3I?= =?us-ascii?Q?UftUlQw61B9QbSz6fri6ad1mOaTUMytoBxsuDJSeBU36Kh/dQifj/5QEg1MW?= =?us-ascii?Q?tus1yB+BhNmg0CEKaBt83XvHV2EEcYLb2wkdO+OkrzCS020a4jsEwOlDkFs4?= =?us-ascii?Q?lcLYLVWXOz9UPicXAdHuVVOiisBqDE9wRWtqE7DQhGIbYmfcC2q95ofpnxy7?= =?us-ascii?Q?osSJXxMJmj8TmsyF+/0ijTX/ry5xRpMNV1GbbGmO4gHTAEIDx8bEXEJzNouL?= =?us-ascii?Q?jkqesIosfIEPQlrINAztAu+Iv8Pv5Vo9oiU8BfYP?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CH3PR11MB7937.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4932a1f7-1672-4f1e-085f-08dc47df4c0e X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Mar 2024 06:39:15.8475 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: D9MXspjy2vAaULwpUjPrYQG2BCqGGhhHP89R1ncBFXNlu4dNGzCfxHBXyYHzWNyXk0PGIjaIwFfoF+c2Qta0zg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB6661 X-OriginatorOrg: intel.com Subject: Re: [FFmpeg-devel] [PATCH v1] avcodec/cbs_vp8: Improve the bitstream position check X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: > -----Original Message----- > From: ffmpeg-devel On Behalf Of > Andreas Rheinhardt > Sent: Monday, March 18, 2024 7:35 PM > To: ffmpeg-devel@ffmpeg.org > Subject: Re: [FFmpeg-devel] [PATCH v1] avcodec/cbs_vp8: Improve the > bitstream position check > > Dai, Jianhui J: > > The VP8 compressed header may not be byte-aligned due to boolean > > coding. Use bitwise comparison to prevent the potential overread. > > > > Signed-off-by: Jianhui Dai > > --- > > libavcodec/cbs_vp8.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/libavcodec/cbs_vp8.c b/libavcodec/cbs_vp8.c index > > 065156c248..13acad3724 100644 > > --- a/libavcodec/cbs_vp8.c > > +++ b/libavcodec/cbs_vp8.c > > @@ -327,9 +327,10 @@ static int cbs_vp8_read_unit(CodedBitstreamContext > *ctx, > > if (err < 0) > > return err; > > > > + // Position may not be byte-aligned after compressed header; using bits > > + // count comparison for accuracy. > > pos = get_bits_count(&gbc); > > - pos /= 8; > > - av_assert0(pos <= unit->data_size); > > + av_assert0(pos <= unit->data_size * 8); > > (pos + 7U) / 8 seems better to avoid potential overflow issues (not an issue atm, > but if we ever were to use e.g. 64bit for bitcount of the GetBit API, then the > multiplication on the right could overflow a 32bit size_t). Thanks. Fixed it in PATCH v2. Please take a look. > > > > > frame->data_ref = av_buffer_ref(unit->data_ref); > > if (!frame->data_ref) > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org > with subject "unsubscribe". _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".