From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 2735E4B407 for ; Wed, 5 Jun 2024 11:00:13 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4341768D723; Wed, 5 Jun 2024 14:00:11 +0300 (EEST) Received: from mail-ej1-f46.google.com (mail-ej1-f46.google.com [209.85.218.46]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C63E768D6EC for ; Wed, 5 Jun 2024 14:00:04 +0300 (EEST) Received: by mail-ej1-f46.google.com with SMTP id a640c23a62f3a-a6266ffdba8so213850166b.1 for ; Wed, 05 Jun 2024 04:00:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717585204; x=1718190004; darn=ffmpeg.org; h=user-agent:in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:to:from:date:from:to:cc:subject :date:message-id:reply-to; bh=FHt5rcBIWYYWn/Reinzb1/KRIkqmVxu47DGLbUrDACw=; b=Mjq4quXIfuiHis80lpVre968ZiVOH+A3oYrHm8wN7Ak1uVJIdeuDEe+YUs62QZdU+q 3MSEAn/km/NxSzAc99TPkom+El19kbmxZMPR/qQ2ZUtTB4VzknXqBk4sswxchIKXB6+i MXtjBBpWFeZswZ8BR7tZVjF+nmpmdpuTI3qR7c+AIS6ATLyqQX/Ok4nTh4TrZA4PN8dz Y9MfsP8dIcolEokgB5QjgmNHIABo6HARQWm4nTGD5wfjkb3pUglps6o/xHTA7QQYzHb2 BsFesb5vbw971JTz+f1cQ1SriAKRBdvX2MZz+3scfv5ZCS+LCZEhbsWHFIPxqsUsktJQ i84A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717585204; x=1718190004; h=user-agent:in-reply-to:content-disposition:mime-version:references :mail-followup-to:message-id:subject:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=FHt5rcBIWYYWn/Reinzb1/KRIkqmVxu47DGLbUrDACw=; b=vOWrgfpD+Q27mMnRaV5DeI5nuHmjXwSzZMtThQLZATBYd8juENTHd22I9GUmr65ek2 miMn99woTPXVMP95G+vrNosLeY1XFKPAchbHemGlorOlzfjTQhNKkMvh8GZ0bZU+x+k6 zlQ7nGT5Dl8lmtDCK0FdFb/SobDu6QFPpQ5DNLAv4wYR5lYfM+wzU4lyyjwpcVhJDAxx u8DROa6j1f/SSFOcBd5dxHweWWd3NkPQjaVhcFJp90Xr7sWPVQC0BjKt78duVcZKObWa P58nBynj3QttPxihnUs3CP29fxlidv0T0yoSTcL+nnvC14M63ev8jEDSiYh2SqYd0z4T U8pQ== X-Gm-Message-State: AOJu0YwvWgDx9Mmz9maRqAcOc1i0jAozQ5m+xkgRlnQMXcf/CxUA+cJv gduNExLq2CFlA83GQ86VjnGcpJ6U43o5P+LwHAfhokKUMCHGfSusi4GmjA== X-Google-Smtp-Source: AGHT+IFan/rrG2YQoLdv02DFd/0TmUjIy3kbJ23VRNe4aATsRl0MHVODpOn4oIIVDyqYmEqE0vD6Ew== X-Received: by 2002:a17:906:4915:b0:a66:d1a1:f92f with SMTP id a640c23a62f3a-a699f34da1emr147742366b.14.1717585203494; Wed, 05 Jun 2024 04:00:03 -0700 (PDT) Received: from mariano (dynamic-adsl-84-220-189-10.clienti.tiscali.it. [84.220.189.10]) by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a69089e774csm431603866b.8.2024.06.05.04.00.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 05 Jun 2024 04:00:03 -0700 (PDT) Received: by mariano (Postfix, from userid 1000) id 204F8BFCE8; Wed, 5 Jun 2024 13:00:02 +0200 (CEST) Date: Wed, 5 Jun 2024 13:00:02 +0200 From: Stefano Sabatini To: FFmpeg development discussions and patches Message-ID: Mail-Followup-To: FFmpeg development discussions and patches References: <20240604222835.166462-1-marcus@marcusspencer.xyz> MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: Mutt/2.1.4 (2021-12-11) Subject: Re: [FFmpeg-devel] [PATCH v6] avcodec: add farbfeld encoder X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: On date Wednesday 2024-06-05 12:02:08 +0200, Andreas Rheinhardt wrote: > Stefano Sabatini: > > On date Tuesday 2024-06-04 17:28:35 -0500, Marcus B Spencer wrote: [...] > >> +#define HEADER_SIZE 16 > >> + > >> +static int farbfeld_encode_frame(AVCodecContext *ctx, AVPacket *pkt, > >> + const AVFrame *p, int *got_packet) > >> +{ > > > >> + int raw_img_size = av_image_get_buffer_size( > >> + p->format, > >> + p->width, > >> + p->height, > >> + 1 > >> + ); > > > >> + int64_t buf_size = (int64_t)raw_img_size + HEADER_SIZE; > > > > not yet, this might change the sign for a negative raw_img_size, you > > need two separate checks (one is not enough), as in the following: > > > > int raw_img_size = av_image_get_buffer_size(p->format, p->width,p->height, 1); > > > > if (raw_image_size < 0) > > return raw_image_size; > > > > int buf_size = raw_img_size + HEADER_SIZE; > > if (buf_size < 0) > > return AVERROR(EINVAL); > > This is absolutely wrong: raw_img_size is nonnegative here as is > HEADER_SIZE and the addition will be performed as an int, so that > overflow would be UB which implies that the compiler can optimize this > check away. Correct, the following should avoid the UB if I'm not mistaken again: if (HEADER_SIZE > (INT_MAX - raw_img_size)) return AVERROR(EINVAL); int buf_size = raw_img_size + HEADER_SIZE; ... > One does not need two checks as long as int is 32 bits (because then one > can just perform the addition in 64bits). sizeof(int) is not defined by the C standard, so you cannot assume it is 32 bits (even if on most platforms/compilers it will be) > Just use the following (#if > has been used because compilers have a tendency to emit warnings if a > particular check is tautologically false): > > #if INT_MAX > INT64_MAX - HEADER_SIZE > if (raw_img_size > INT64_MAX - HEADER_SIZE) > return AVERROR(ERANGE); > #endif _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".