[FFmpeg-devel,4/4] avcodec/photocd: Use ff_set_dimensions()

Message ID	20200920202608.11653-4-michael@niedermayer.cc
State	Accepted
Commit	34df97b0886c728e1ae430a7de8b3dfd2f1a5744
Headers	show Return-Path: <ffmpeg-devel-bounces@ffmpeg.org> From: Michael Niedermayer <michael@niedermayer.cc> To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> Date: Sun, 20 Sep 2020 22:26:08 +0200 Message-Id: <20200920202608.11653-4-michael@niedermayer.cc> In-Reply-To: <20200920202608.11653-1-michael@niedermayer.cc> References: <20200920202608.11653-1-michael@niedermayer.cc> Subject: [FFmpeg-devel] [PATCH 4/4] avcodec/photocd: Use ff_set_dimensions() Precedence: list Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Series	[FFmpeg-devel,1/4] avformat/wvdec: Check rate for overflow \| expand [FFmpeg-devel,1/4] avformat/wvdec: Check rate for overflow [FFmpeg-devel,2/4] avformat/vividas: Check for EOF in first loop in track_header() [FFmpeg-devel,3/4] avformat/moflex: Check pop_int() for overflow [FFmpeg-devel,4/4] avcodec/photocd: Use ff_set_dimensions()

Message ID

20200920202608.11653-4-michael@niedermayer.cc

State

Accepted

Commit

34df97b0886c728e1ae430a7de8b3dfd2f1a5744

Headers

From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun, 20 Sep 2020 22:26:08 +0200
Message-Id: <20200920202608.11653-4-michael@niedermayer.cc>
In-Reply-To: <20200920202608.11653-1-michael@niedermayer.cc>
References: <20200920202608.11653-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/4] avcodec/photocd: Use ff_set_dimensions()
Precedence: list
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Series

[FFmpeg-devel,1/4] avformat/wvdec: Check rate for overflow | expand

Context	Check	Description
andriy/default	pending
andriy/make	success	Make finished
andriy/make_fate	success	Make fate finished

Context

Check

Description

andriy/default

pending

andriy/make

success

Make finished

andriy/make_fate

success

Make fate finished

Commit Message

Michael Niedermayer Sept. 20, 2020, 8:26 p.m. UTC

Fixes: out of memory
Fixes: 25588/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PHOTOCD_fuzzer-6612945080156160

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/photocd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Paul B Mahol Sept. 20, 2020, 10:28 p.m. UTC | #1

On Sun, Sep 20, 2020 at 10:26:08PM +0200, Michael Niedermayer wrote:
> Fixes: out of memory
> Fixes: 25588/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PHOTOCD_fuzzer-6612945080156160
> 
> Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavcodec/photocd.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/photocd.c b/libavcodec/photocd.c
> index 057c9d33d4..07f10e28b7 100644
> --- a/libavcodec/photocd.c
> +++ b/libavcodec/photocd.c
> @@ -324,8 +324,9 @@ static int photocd_decode_frame(AVCodecContext *avctx, void *data,
>      else
>          s->resolution = av_clip(4 - s->lowres, 0, 4);
>  
> -    avctx->width  = img_info[s->resolution].width;
> -    avctx->height = img_info[s->resolution].height;
> +    ret = ff_set_dimensions(avctx, img_info[s->resolution].width, img_info[s->resolution].height);
> +    if (ret < 0)
> +        return ret;
>  
>      if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0)
>          return ret;

Why is this needed at all, dimensions are alway static and completely allocable.

Michael Niedermayer Oct. 10, 2020, 11 a.m. UTC | #2

On Mon, Sep 21, 2020 at 12:28:37AM +0200, Paul B Mahol wrote:
> On Sun, Sep 20, 2020 at 10:26:08PM +0200, Michael Niedermayer wrote:
> > Fixes: out of memory
> > Fixes: 25588/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PHOTOCD_fuzzer-6612945080156160
> > 
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > ---
> >  libavcodec/photocd.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/libavcodec/photocd.c b/libavcodec/photocd.c
> > index 057c9d33d4..07f10e28b7 100644
> > --- a/libavcodec/photocd.c
> > +++ b/libavcodec/photocd.c
> > @@ -324,8 +324,9 @@ static int photocd_decode_frame(AVCodecContext *avctx, void *data,
> >      else
> >          s->resolution = av_clip(4 - s->lowres, 0, 4);
> >  
> > -    avctx->width  = img_info[s->resolution].width;
> > -    avctx->height = img_info[s->resolution].height;
> > +    ret = ff_set_dimensions(avctx, img_info[s->resolution].width, img_info[s->resolution].height);
> > +    if (ret < 0)
> > +        return ret;
> >  
> >      if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0)
> >          return ret;
> 
> Why is this needed at all, dimensions are alway static and completely allocable.

ff_set_dimensions() sets more than width and height, for example 
it also sets coded_width and coded_height. And it checks dimension validity and
compliance to the users requirements.
There are multiple things here the previous code failed to do and which could
cause problems.

I would suggest to simply always use ff_set_dimensions().

Thanks


[...]

Michael Niedermayer Oct. 18, 2020, 6:33 p.m. UTC | #3

On Sat, Oct 10, 2020 at 01:00:14PM +0200, Michael Niedermayer wrote:
> On Mon, Sep 21, 2020 at 12:28:37AM +0200, Paul B Mahol wrote:
> > On Sun, Sep 20, 2020 at 10:26:08PM +0200, Michael Niedermayer wrote:
> > > Fixes: out of memory
> > > Fixes: 25588/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_PHOTOCD_fuzzer-6612945080156160
> > > 
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> > > ---
> > >  libavcodec/photocd.c | 5 +++--
> > >  1 file changed, 3 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/libavcodec/photocd.c b/libavcodec/photocd.c
> > > index 057c9d33d4..07f10e28b7 100644
> > > --- a/libavcodec/photocd.c
> > > +++ b/libavcodec/photocd.c
> > > @@ -324,8 +324,9 @@ static int photocd_decode_frame(AVCodecContext *avctx, void *data,
> > >      else
> > >          s->resolution = av_clip(4 - s->lowres, 0, 4);
> > >  
> > > -    avctx->width  = img_info[s->resolution].width;
> > > -    avctx->height = img_info[s->resolution].height;
> > > +    ret = ff_set_dimensions(avctx, img_info[s->resolution].width, img_info[s->resolution].height);
> > > +    if (ret < 0)
> > > +        return ret;
> > >  
> > >      if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0)
> > >          return ret;
> > 
> > Why is this needed at all, dimensions are alway static and completely allocable.
> 
> ff_set_dimensions() sets more than width and height, for example 
> it also sets coded_width and coded_height. And it checks dimension validity and
> compliance to the users requirements.
> There are multiple things here the previous code failed to do and which could
> cause problems.
> 
> I would suggest to simply always use ff_set_dimensions().

will apply patch


[...]

diff --git a/libavcodec/photocd.c b/libavcodec/photocd.c
index 057c9d33d4..07f10e28b7 100644
--- a/libavcodec/photocd.c
+++ b/libavcodec/photocd.c
@@ -324,8 +324,9 @@  static int photocd_decode_frame(AVCodecContext *avctx, void *data,
     else
         s->resolution = av_clip(4 - s->lowres, 0, 4);
 
-    avctx->width  = img_info[s->resolution].width;
-    avctx->height = img_info[s->resolution].height;
+    ret = ff_set_dimensions(avctx, img_info[s->resolution].width, img_info[s->resolution].height);
+    if (ret < 0)
+        return ret;
 
     if ((ret = ff_thread_get_buffer(avctx, &frame, 0)) < 0)
         return ret;

[FFmpeg-devel,4/4] avcodec/photocd: Use ff_set_dimensions()

Checks

Commit Message

Comments

Patch