From patchwork Thu Mar  7 01:45:12 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jun Zhao <mypopydev@gmail.com>
X-Patchwork-Id: 12230
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
X-Original-To: patchwork@ffaux-bg.ffmpeg.org
Delivered-To: patchwork@ffaux-bg.ffmpeg.org
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by ffaux.localdomain (Postfix) with ESMTP id B9D774478EC
	for <patchwork@ffaux-bg.ffmpeg.org>;
	Thu,  7 Mar 2019 03:45:25 +0200 (EET)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9150968A0FA;
	Thu,  7 Mar 2019 03:45:25 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-pg1-f174.google.com (mail-pg1-f174.google.com
	[209.85.215.174])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id EA61568053A
	for <ffmpeg-devel@ffmpeg.org>; Thu,  7 Mar 2019 03:45:18 +0200 (EET)
Received: by mail-pg1-f174.google.com with SMTP id 125so9670293pgc.12
	for <ffmpeg-devel@ffmpeg.org>; Wed, 06 Mar 2019 17:45:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id;
	bh=we+din31RzHCZkMm89gb0t6zr6RGj8GIljgxUYRILDo=;
	b=cS9qtF9Yo8i4rBpvXeRkrbcW4ctAsg9NvsfwpTd7TB0Vfz54ydm9l6qO+1bbfVLYh1
	mVx4WSC/BgutyL7qCq0lDBcuaX0F4nlx7JRLd1LKBov84ZcdP/5Gfe0/e9KQWho76rlr
	cCZfBoxtH/RBUiewY1BMKQ4GssCb0ixB+5Mnn/pS2UX4NuFXSJuGxoFWUyp41aCEkCxS
	vZfFkSiHhHaxuzeLeibP5V8ITvVfNpGmfP9g80kBh37hh4bTUZ1iNH/d8rL8QKuDqBn6
	yu5k1DYTDgJoBaQ7V8/V2fBK9GHeDoZTsed75SaUz7aBTRqqBj52JsECMDyiR2yOaV3z
	684A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id;
	bh=we+din31RzHCZkMm89gb0t6zr6RGj8GIljgxUYRILDo=;
	b=Acz5ylkffo1Ufy1scuuNqbi+0utJdts1OcftuZk1MruL6zl63v40fCQxegYIQVlzPL
	isq+tPmI5LVIosmuZjsKfpqfWEGItKlMu4+NV85XJWddw4et8gFlM7nW/lK8bT2SJv3W
	uYbH4IWoBRweowD1x8bImBMdCswigLBA3Or5iMCR9Is7eXvqfM22Q4AsPBzLL76RMSMX
	NngHZE0U8Hcl5hLCkZImZ8uNTdqo6j/eQ2qxughnG5ThaP6mCWaJ5ruIVF5zECodhD9X
	tNZGdMM1gixmv4yDDt9Z8nyPO7BG+1FxNEDkeR/Yye6R9dqCfLsX9Xrwkt4QTdj0duw+
	kr/A==
X-Gm-Message-State: APjAAAWRUg7u0xmQ90fv9xvIVTfhX2W++KQ0WGEM9tSwZlfx2lzSPM0p
	1/Hq5GyLiro0T0InMMLhdX0l85G7urU=
X-Google-Smtp-Source: 
 APXvYqyDkB6v0eKkQeAD8M4bEaejeiZyNyoYc7JvRebU8ciuxlv1FVOztIKMVB301XjgZtP3X3ZzFQ==
X-Received: by 2002:a65:64d5:: with SMTP id
	t21mr8954963pgv.266.1551923116991;
	Wed, 06 Mar 2019 17:45:16 -0800 (PST)
Received: from localhost.localdomain ([47.90.47.25])
	by smtp.gmail.com with ESMTPSA id
	63sm8279359pfs.65.2019.03.06.17.45.15
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Wed, 06 Mar 2019 17:45:16 -0800 (PST)
From: Jun Zhao <mypopydev@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Thu,  7 Mar 2019 09:45:12 +0800
Message-Id: <1551923112-22459-1-git-send-email-mypopydev@gmail.com>
X-Mailer: git-send-email 1.7.1
Subject: [FFmpeg-devel] [PATCH V3] lavfi/nlmeans: Checking number precision
	when computing integral images
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Cc: Jun Zhao <barryjzhao@tencent.com>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

From: Jun Zhao <barryjzhao@tencent.com>

accumulation of 8-bits uint_8 (uint8_t *src) into 32-bits (uint32_t *ii)
data type, it will have a risk of an integral value becoming larger than
the 32-bits integer capacity and resulting in an integer overflow. For
this risk, add a checking with warning message.

Signed-off-by: Jun Zhao <barryjzhao@tencent.com>
---
 libavfilter/vf_nlmeans.c |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/libavfilter/vf_nlmeans.c b/libavfilter/vf_nlmeans.c
index dcb5a03..9876aae 100644
--- a/libavfilter/vf_nlmeans.c
+++ b/libavfilter/vf_nlmeans.c
@@ -236,6 +236,13 @@ static void compute_ssd_integral_image(const NLMeansDSPContext *dsp,
     // adjusted end x position of the safe area after width of the safe area gets aligned
     const int endx_safe = startx_safe + safe_pw;
 
+    // accumulation of 8-bits uint_8 (uint8_t *src) into 32-bits (uint32_t *ii)
+    // data type, it will have a risk of an integral value becoming larger than
+    // the 32-bits integer capacity and resulting in an integer overflow.
+    if ((UINT32_MAX / (uint64_t)w) < (255 * (uint64_t)h))
+        av_log(NULL, AV_LOG_WARNING,
+               "image (%d x %d) integral value may overflow.\n", w ,h);
+
     // top part where only one of s1 and s2 is still readable, or none at all
     compute_unsafe_ssd_integral_image(ii, ii_linesize_32,
                                       0, 0,