[FFmpeg-devel] lavc/gifdec: Do not error out on resolution bigger than screen size

Submitted by Carl Eugen Hoyos on Nov. 27, 2017, 2:05 a.m.

Details

Message ID CAB0OVGrXfMF07wU+RTtxuoZqi-N8apdno=sqViW_394Ek6nhww@mail.gmail.com
State Superseded
Headers show

Commit Message

Carl Eugen Hoyos Nov. 27, 2017, 2:05 a.m.
Hi!

Attached patch fixes ticket #6874 for me.
I don't think it makes much sense to discuss what the specification
means with "logical screen size" and "raster screen size" and
"physical display": Not only do other decoders accept such files, our
decoder already contains the necessary code to crop the image.
I believe that it could at least be argued that the specification
allows such files.

Please comment, Carl Eugen

Comments

Michael Niedermayer Nov. 27, 2017, 12:29 p.m.
On Mon, Nov 27, 2017 at 03:05:27AM +0100, Carl Eugen Hoyos wrote:
> Hi!
> 
> Attached patch fixes ticket #6874 for me.
> I don't think it makes much sense to discuss what the specification
> means with "logical screen size" and "raster screen size" and
> "physical display": Not only do other decoders accept such files, our
> decoder already contains the necessary code to crop the image.
> I believe that it could at least be argued that the specification
> allows such files.
> 
> Please comment, Carl Eugen

>  gifdec.c |    4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 120f9d9fde11cb243440c9c4ba2051904bfc2c9c  0001-lavc-gifdec-Do-not-error-out-if-resolution-is-bigger.patch
> From 47f5d312461a0d30cd1e70d819ae1daefbb5eebb Mon Sep 17 00:00:00 2001
> From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
> Date: Mon, 27 Nov 2017 02:57:50 +0100
> Subject: [PATCH] lavc/gifdec: Do not error out if resolution is bigger than
>  screen dimension.
> 
> This is what other decoders do.
> 
> Fixes ticket #6874.

this makes the decoder crash

[gif @ 0x25588b40] LZW decode failed
[gif @ 0x25588b40] LZW decode failedtime=00:00:00.10 bitrate=N/A speed=0.171x
    Last message repeated 2 times
[gif @ 0x25588b40] Image too wide by 16384, truncating.
==1782== Invalid write of size 1
==1782==    at 0x978928: ff_lzw_decode (in ffmpeg/ffmpeg_g)
==1782==    by 0x893C47: gif_decode_frame (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F8976: decode_receive_frame_internal (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F9537: avcodec_send_packet (in ffmpeg/ffmpeg_g)
==1782==    by 0x4C93CB: decode_video (in ffmpeg/ffmpeg_g)
==1782==    by 0x4CC332: process_input (in ffmpeg/ffmpeg_g)
==1782==    by 0x4AB176: main (in ffmpeg/ffmpeg_g)
==1782==  Address 0x257565db is 0 bytes after a block of size 91 alloc'd
==1782==    at 0x4C2A6C5: memalign (vg_replace_malloc.c:727)
==1782==    by 0x4C2A760: posix_memalign (vg_replace_malloc.c:876)
==1782==    by 0x108446C: av_fast_malloc (in ffmpeg/ffmpeg_g)
==1782==    by 0x8937D3: gif_decode_frame (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F8976: decode_receive_frame_internal (in ffmpeg/ffmpeg_g)
==1782==    by 0x7F9537: avcodec_send_packet (in ffmpeg/ffmpeg_g)
==1782==    by 0x4C93CB: decode_video (in ffmpeg/ffmpeg_g)
==1782==    by 0x4CC332: process_input (in ffmpeg/ffmpeg_g)
==1782==    by 0x4AB176: main (in ffmpeg/ffmpeg_g)


[...]

Patch hide | download patch | download mbox

From 47f5d312461a0d30cd1e70d819ae1daefbb5eebb Mon Sep 17 00:00:00 2001
From: Carl Eugen Hoyos <ceffmpeg@gmail.com>
Date: Mon, 27 Nov 2017 02:57:50 +0100
Subject: [PATCH] lavc/gifdec: Do not error out if resolution is bigger than
 screen dimension.

This is what other decoders do.

Fixes ticket #6874.
---
 libavcodec/gifdec.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/gifdec.c b/libavcodec/gifdec.c
index 2eeed4c..59d866b 100644
--- a/libavcodec/gifdec.c
+++ b/libavcodec/gifdec.c
@@ -179,11 +179,11 @@  static int gif_read_image(GifState *s, AVFrame *frame)
     }
 
     /* verify that all the image is inside the screen dimensions */
-    if (!width || width > s->screen_width || left >= s->screen_width) {
+    if (!width || left >= s->screen_width) {
         av_log(s->avctx, AV_LOG_ERROR, "Invalid image width.\n");
         return AVERROR_INVALIDDATA;
     }
-    if (!height || height > s->screen_height || top >= s->screen_height) {
+    if (!height || top >= s->screen_height) {
         av_log(s->avctx, AV_LOG_ERROR, "Invalid image height.\n");
         return AVERROR_INVALIDDATA;
     }
-- 
1.7.10.4