From: Andreas Rheinhardt
Date: Sun, 17 Sep 2023 02:09:34 +0200
To: ffmpeg-devel@ffmpeg.org
Subject: Re: [FFmpeg-devel] [PATCH 4/6] avcodec/vp3: Fix undefined pointer arithmetic

Andreas Rheinhardt:
> When decoding a keyframe, last_frame and golden_frame are
> not used at all and (at least when starting decoding)
> are not set at all. But due to code sharing pointer arithmetic
> on the NULL data-pointers of these frames has nevertheless
> been performed.
> This is undefined behaviour and causes e.g.
> "runtime error: applying non-zero offset 173440 to null pointer"
> from UBSan in the vp31, vp4, theora-coeff-level64 and theora-offset
> FATE-tests.
>
> Fix this by reusing the current frame for unavailable frames.
>
> Signed-off-by: Andreas Rheinhardt
> --- > libavcodec/vp3.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c > index 33c120a58e..5ce1ecfce7 100644 > --- a/libavcodec/vp3.c > +++ b/libavcodec/vp3.c > @@ -2056,6 +2056,14 @@ static void render_slice(Vp3DecodeContext *s, int slice) > { > int16_t *block = s->block; > int motion_x = 0xdeadbeef, motion_y = 0xdeadbeef; > + /* When decoding keyframes, the earlier frames may not be available, > + * so to avoid using undefined pointer arithmetic on them we just > + * use the current frame instead. Nothing is ever read from these > + * frames in case of a keyframe. */ > + const AVFrame *last_frame = s->last_frame.f->data[0] ? > + s->last_frame.f : s->current_frame.f; > + const AVFrame *golden_frame = s->golden_frame.f->data[0] ? > + s->golden_frame.f : s->current_frame.f; > int motion_halfpel_index; > int first_pixel;
> > @@ -2065,9 +2073,9 @@ static void render_slice(Vp3DecodeContext *s, int slice) > for (int plane = 0; plane < 3; plane++) { > uint8_t *output_plane = s->current_frame.f->data[plane] + > s->data_offset[plane]; > - const uint8_t *last_plane = s->last_frame.f->data[plane] + > + const uint8_t *last_plane = last_frame->data[plane] + > s->data_offset[plane]; > - const uint8_t *golden_plane = s->golden_frame.f->data[plane] + > + const uint8_t *golden_plane = golden_frame->data[plane] + > s->data_offset[plane]; > ptrdiff_t stride = s->current_frame.f->linesize[plane]; > int plane_width = s->width >> (plane && s->chroma_x_shift);

Will apply the remaining patches of this patchset tomorrow unless there are objections.

- Andreas
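
Review bot: In the first hunk (top of render_slice, @@ -2056), the fallback is selected by testing data[0] for NULL, but the comment's safety argument ("Nothing is ever read from these frames in case of a keyframe") covers keyframes only. Nothing in these lines ties the fallback to the keyframe case, so an inter frame that reaches this point with an unset reference would quietly predict from the current frame instead of failing visibly. Consider asserting where the fallback is taken that a keyframe is being decoded, or at least stating in the comment why a NULL data[0] cannot occur for any other frame type.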
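
Review bot: In the second hunk (plane loop, @@ -2065), last_plane and golden_plane index data[plane] for planes 1 and 2, while the frame they come from was chosen in the earlier hunk by looking at data[0] alone. This relies on data[0] being set whenever the chroma planes are; one sentence in the new comment would make that assumption explicit. As a style point, the new locals last_frame and golden_frame share their names with s->last_frame and s->golden_frame but are plain const AVFrame pointers rather than the wrappers accessed through .f, which is easy to misread in a function this long; a distinct name would help.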