diff mbox

[FFmpeg-devel,1/2] avcodec/hap: pass texture-compression destination as argument, not in context

Message ID 20161108002153.66910-1-bangnoise@gmail.com
State Superseded
Headers show

Commit Message

Tom Butterworth Nov. 8, 2016, 12:21 a.m. UTC 
This allows a subsequent change to compress directly into the output packet when possible.
---
 libavcodec/hapenc.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

Comments

Michael Niedermayer Nov. 8, 2016, 12:44 p.m. UTC | #1 
On Tue, Nov 08, 2016 at 12:21:52AM +0000, Tom Butterworth wrote:
> This allows a subsequent change to compress directly into the output packet when possible.
> ---
>  libavcodec/hapenc.c | 5 ++---
>  1 file changed, 2 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/hapenc.c b/libavcodec/hapenc.c
> index 076923b..7056b62 100644
> --- a/libavcodec/hapenc.c
> +++ b/libavcodec/hapenc.c
> @@ -52,10 +52,9 @@ enum HapHeaderLength {
>      HAP_HDR_LONG = 8,
>  };
>  
> -static void compress_texture(AVCodecContext *avctx, const AVFrame *f)
> +static void compress_texture(AVCodecContext *avctx, uint8_t *out, const AVFrame *f)

passing an output array without array size into a function raises a
red security flag.

This should have some check or assert to protect against overwriting
beyond the array end.
And or the size requirements should be documented so that the code
allocating and te code writing stay in sync

Even if it never can overwrite ATM,  assumtations can easily get
broken or get out of sync by mistake ...

while this isnt exactly a problem introduced by this patch i think this
should be improved

[...]
Tom Butterworth Nov. 8, 2016, 1:28 p.m. UTC | #2 
On Tue, 8 Nov 2016 at 12:44 Michael Niedermayer <michael@niedermayer.cc>
wrote:
...

> > -static void compress_texture(AVCodecContext *avctx, const AVFrame *f)
> > +static void compress_texture(AVCodecContext *avctx, uint8_t *out, const
> AVFrame *f)
>
> passing an output array without array size into a function raises a
> red security flag.
>
> This should have some check or assert to protect against overwriting
> beyond the array end.
> And or the size requirements should be documented so that the code
> allocating and te code writing stay in sync
>
> Even if it never can overwrite ATM,  assumtations can easily get
> broken or get out of sync by mistake ...
>
> while this isnt exactly a problem introduced by this patch i think this
> should be improved
>

 Okay, revised patches will follow
diff mbox

Patch

diff --git a/libavcodec/hapenc.c b/libavcodec/hapenc.c
index 076923b..7056b62 100644
--- a/libavcodec/hapenc.c
+++ b/libavcodec/hapenc.c
@@ -52,10 +52,9 @@  enum HapHeaderLength {
     HAP_HDR_LONG = 8,
 };
 
-static void compress_texture(AVCodecContext *avctx, const AVFrame *f)
+static void compress_texture(AVCodecContext *avctx, uint8_t *out, const AVFrame *f)
 {
     HapContext *ctx = avctx->priv_data;
-    uint8_t *out = ctx->tex_buf;
     int i, j;
 
     for (j = 0; j < avctx->height; j += 4) {
@@ -201,7 +200,7 @@  static int hap_encode(AVCodecContext *avctx, AVPacket *pkt,
         return ret;
 
     /* DXTC compression. */
-    compress_texture(avctx, frame);
+    compress_texture(avctx, ctx->tex_buf, frame);
 
     /* Compress (using Snappy) the frame */
     final_data_size = hap_compress_frame(avctx, pkt->data + header_length);