From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH v6] avcodec: add farbfeld encoder
Date: Wed, 5 Jun 2024 13:14:01 +0200
Message-ID: <GV1P250MB073720F6E3B9BD230C1666B78FF92@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM> (raw)
In-Reply-To: <ZmBFMr+o5TI1+B/x@mariano>
Stefano Sabatini:
> On date Wednesday 2024-06-05 12:02:08 +0200, Andreas Rheinhardt wrote:
>> Stefano Sabatini:
>>> On date Tuesday 2024-06-04 17:28:35 -0500, Marcus B Spencer wrote:
> [...]
>>>> +#define HEADER_SIZE 16
>>>> +
>>>> +static int farbfeld_encode_frame(AVCodecContext *ctx, AVPacket *pkt,
>>>> + const AVFrame *p, int *got_packet)
>>>> +{
>>>
>>>> + int raw_img_size = av_image_get_buffer_size(
>>>> + p->format,
>>>> + p->width,
>>>> + p->height,
>>>> + 1
>>>> + );
>>>
>>>> + int64_t buf_size = (int64_t)raw_img_size + HEADER_SIZE;
>>>
>>> not yet, this might change the sign for a negative raw_img_size, you
>>> need two separate checks (one is not enough), as in the following:
>>>
>>> int raw_img_size = av_image_get_buffer_size(p->format, p->width,p->height, 1);
>>>
>>> if (raw_image_size < 0)
>>> return raw_image_size;
>>>
>>> int buf_size = raw_img_size + HEADER_SIZE;
>>> if (buf_size < 0)
>>> return AVERROR(EINVAL);
>>
>
>> This is absolutely wrong: raw_img_size is nonnegative here as is
>> HEADER_SIZE and the addition will be performed as an int, so that
>> overflow would be UB which implies that the compiler can optimize this
>> check away.
>
> Correct, the following should avoid the UB if I'm not mistaken again:
>
> if (HEADER_SIZE > (INT_MAX - raw_img_size))
> return AVERROR(EINVAL);
> int buf_size = raw_img_size + HEADER_SIZE;
> ...
>
>> One does not need two checks as long as int is 32 bits (because then one
>> can just perform the addition in 64bits).
>
> sizeof(int) is not defined by the C standard, so you cannot assume it
> is 32 bits (even if on most platforms/compilers it will be)
>
Did you even read the following? It handles the case where simply using
64bits is not enough.
>> Just use the following (#if
>> has been used because compilers have a tendency to emit warnings if a
>> particular check is tautologically false):
>>
>> #if INT_MAX > INT64_MAX - HEADER_SIZE
>> if (raw_img_size > INT64_MAX - HEADER_SIZE)
>> return AVERROR(ERANGE);
>> #endif
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
next prev parent reply other threads:[~2024-06-05 11:14 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-04 22:28 Marcus B Spencer
2024-06-05 9:51 ` Stefano Sabatini
2024-06-05 10:02 ` Andreas Rheinhardt
2024-06-05 11:00 ` Stefano Sabatini
2024-06-05 11:14 ` Andreas Rheinhardt [this message]
2024-06-05 13:21 ` Stefano Sabatini
2024-06-05 13:22 ` Andreas Rheinhardt
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=GV1P250MB073720F6E3B9BD230C1666B78FF92@GV1P250MB0737.EURP250.PROD.OUTLOOK.COM \
--to=andreas.rheinhardt@outlook.com \
--cc=ffmpeg-devel@ffmpeg.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git