From patchwork Thu Mar 8 01:48:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jerome Martinez X-Patchwork-Id: 7855 Delivered-To: ffmpegpatchwork@gmail.com Received: by 10.2.181.170 with SMTP id m39csp244354jaj; Wed, 7 Mar 2018 17:48:23 -0800 (PST) X-Google-Smtp-Source: AG47ELvmc8o33efujmlNV0Z5w6YVN82EF9yJ4bSPNEetCfEZFrd8TpplDtdJWR76E6WRkziQPlMn X-Received: by 10.223.187.72 with SMTP id x8mr19905311wrg.217.1520473703050; Wed, 07 Mar 2018 17:48:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520473703; cv=none; d=google.com; s=arc-20160816; b=0H7TYrEI4z+y5JA8HbZ1Ihja6bp3nBNNk0YsiOHjIKoelYrIWz7sN8hXAfvpTza7N0 DwT5TG6uCVuXJ00NoESxuOMKLzLrkUbOYtNXTjxHQMWXgHwMAeX7TUaiS52TFhqLXVpQ t3gcmjF6L0xJdT0nz2U1Yk4UGj/9CPIDymVrRYkOzw6w1c95NKfrAj6Ul9Ath/PGIYtS gMmvty8gIuUZTVcoej9pyVOfU7m6ZzL5KI2ZJxuJqfU4o6vuEirnLnhkC/z5BfFI7VeZ bAnEXwb3DALn+TCeEUu72UZg4fqlV+k2rdx+gqvmWk8FqNNAZOKtfEcfshm161kptAJo duMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence:subject :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:to:delivered-to :arc-authentication-results; bh=Pb08js1YNz8Nzeha2VJedxjeumIc6v4wAZnyzCTHP94=; b=RXcmDSxzpoZRSndXzxjThbYFj40g2/7JUgqxj28ZfQNYfsHi/TUpE7RCL3btmSrJwa njS6gdaegqBKTgjSXZo5U8i1QqsVLPz2soEiRVl+ra+xAxQGh45YEKNCodISY8wiC16e QPUAUX3cssYQS8RzDcs1jblLxu8h91mPIIbYyGAGSyUBJBGod4HsV587Gxpu0woXD884 38jYvUC8I61gZIPafaM2+zw7yP6tEqy4wX5geyHqsOgoaMUmDpobUmSTxpG6d5R0gEsf SM99X0CZ3cQrVSqLvJzxClGvciKN40Df539OKnENg2b4H1JZv+JjmRlNyf89+V1qhyD3 liJA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id e3si9967312wrg.61.2018.03.07.17.48.22; Wed, 07 Mar 2018 17:48:23 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E5D2368A3E6; Thu, 8 Mar 2018 03:48:11 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from 5.mo5.mail-out.ovh.net (5.mo5.mail-out.ovh.net [87.98.173.103]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C7D3068A393 for ; Thu, 8 Mar 2018 03:48:09 +0200 (EET) Received: from player778.ha.ovh.net (unknown [10.109.122.103]) by mo5.mail-out.ovh.net (Postfix) with ESMTP id 5EEE3190EB1 for ; Thu, 8 Mar 2018 02:48:17 +0100 (CET) Received: from [192.168.2.120] (p5DDB6D89.dip0.t-ipconnect.de [93.219.109.137]) (Authenticated sender: zen-lists@mediaarea.net) by player778.ha.ovh.net (Postfix) with ESMTPSA id 16C3F180085 for ; Thu, 8 Mar 2018 02:48:16 +0100 (CET) To: ffmpeg-devel@ffmpeg.org References: <4b0efe51-d6c0-9a37-ce34-155387d1a8e8@mediaarea.net> <909fd1a5-f76b-d981-37d7-f1998259c6d0@mediaarea.net> <20180308001727.GK23018@michaelspb> From: Jerome Martinez Message-ID: <5d1d2226-1a19-5268-dcdd-441d551b1809@mediaarea.net> Date: Thu, 8 Mar 2018 02:48:19 +0100 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0 MIME-Version: 1.0 In-Reply-To: <20180308001727.GK23018@michaelspb> Content-Language: en-GB X-Ovh-Tracer-Id: 10835942179563311293 X-VR-SPAMSTATE: OK X-VR-SPAMSCORE: 0 X-VR-SPAMCAUSE: gggruggvucftvghtrhhoucdtuddrgedtfedrkeefgdefkecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfqggfjpdevjffgvefmvefgnecuuegrihhlohhuthemuceftddtnecu Subject: Re: [FFmpeg-devel] [PATCH 1/7] avcodec/ffv1dec: add missing error messages when a frame is invalid X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" On 08/03/2018 01:17, Michael Niedermayer wrote: > > In the cases where the error is about a scalar value, that value should > be printed in the error message (unless it was alread printed elsewhere) Patch modified, showing the scalar value. From 13db9fc4da1d0e531e516bd87d084233e231f0e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Martinez?= Date: Thu, 8 Mar 2018 02:40:21 +0100 Subject: [PATCH] avcodec/ffv1dec: add missing error messages when a frame is invalid --- libavcodec/ffv1dec.c | 39 +++++++++++++++++++++++++++++++-------- 1 file changed, 31 insertions(+), 8 deletions(-) diff --git a/libavcodec/ffv1dec.c b/libavcodec/ffv1dec.c index 3d2ee2569f..06509dae60 100644 --- a/libavcodec/ffv1dec.c +++ b/libavcodec/ffv1dec.c @@ -182,11 +182,22 @@ static int decode_slice_header(FFV1Context *f, FFV1Context *fs) fs->slice_y /= f->num_v_slices; fs->slice_width = fs->slice_width /f->num_h_slices - fs->slice_x; fs->slice_height = fs->slice_height/f->num_v_slices - fs->slice_y; - if ((unsigned)fs->slice_width > f->width || (unsigned)fs->slice_height > f->height) + if ((unsigned)fs->slice_width > f->width) { + av_log(f->avctx, AV_LOG_ERROR, "slice_width %d out of range\n", (unsigned)fs->slice_width); return -1; - if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width - || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) + } + if ((unsigned)fs->slice_height > f->height) { + av_log(f->avctx, AV_LOG_ERROR, "slice_height %d out of range\n", (unsigned)fs->slice_height); + return -1; + } + if ((unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width) { + av_log(f->avctx, AV_LOG_ERROR, "slice_x+slice_width %lld out of range\n", (unsigned)fs->slice_x + (uint64_t)fs->slice_width, (unsigned)fs->slice_y); return -1; + } + if ((unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) { + av_log(f->avctx, AV_LOG_ERROR, "slice_y+slice_height %lld out of range\n", (unsigned)fs->slice_y + (uint64_t)fs->slice_height); + return -1; + } for (i = 0; i < f->plane_count; i++) { PlaneContext * const p = &fs->plane[i]; @@ -432,8 +443,10 @@ static int read_extra_header(FFV1Context *f) if (f->version > 2) { c->bytestream_end -= 4; f->micro_version = get_symbol(c, state, 0); - if (f->micro_version < 0) + if (f->micro_version < 0) { + av_log(f->avctx, AV_LOG_ERROR, "Invalid micro_version %i in global header\n", f->micro_version); return AVERROR_INVALIDDATA; + } } f->ac = get_symbol(c, state, 0); @@ -758,12 +771,22 @@ static int read_header(FFV1Context *f) fs->slice_y /= f->num_v_slices; fs->slice_width = fs->slice_width / f->num_h_slices - fs->slice_x; fs->slice_height = fs->slice_height / f->num_v_slices - fs->slice_y; - if ((unsigned)fs->slice_width > f->width || - (unsigned)fs->slice_height > f->height) + if ((unsigned)fs->slice_width > f->width) { + av_log(f->avctx, AV_LOG_ERROR, "slice_width %d out of range\n", (unsigned)fs->slice_width); return AVERROR_INVALIDDATA; - if ( (unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width - || (unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) + } + if ((unsigned)fs->slice_height > f->height) { + av_log(f->avctx, AV_LOG_ERROR, "slice_height %d out of range\n", (unsigned)fs->slice_height); + return AVERROR_INVALIDDATA; + } + if ((unsigned)fs->slice_x + (uint64_t)fs->slice_width > f->width) { + av_log(f->avctx, AV_LOG_ERROR, "slice_x+slice_width %lld out of range\n", (unsigned)fs->slice_x + (uint64_t)fs->slice_width, (unsigned)fs->slice_y); return AVERROR_INVALIDDATA; + } + if ((unsigned)fs->slice_y + (uint64_t)fs->slice_height > f->height) { + av_log(f->avctx, AV_LOG_ERROR, "slice_y+slice_height %lld out of range\n", (unsigned)fs->slice_y + (uint64_t)fs->slice_height); + return AVERROR_INVALIDDATA; + } } for (i = 0; i < f->plane_count; i++) {