From patchwork Wed Sep 18 03:26:01 2019
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 15128
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 18 Sep 2019 05:26:01 +0200
Message-Id: <20190918032607.11774-4-andreas.rheinhardt@gmail.com>
In-Reply-To: <20190918032607.11774-1-andreas.rheinhardt@gmail.com>
References: <20190918032607.11774-1-andreas.rheinhardt@gmail.com>
Subject: [FFmpeg-devel] [PATCH 04/10] avcodec/cbs_av1: Make overread check more robust

When performing a comparison of a signed int and an unsigned int, the signed int is first converted to an unsigned int, so that negative values are being treated as big, positive values. This can become a problem in an overread check, namely when an overread already happened. So change the type of the variable containing the amount of bits that need to be left to signed.
Signed-off-by: Andreas Rheinhardt --- I am not aware of any situation where cbs overreads, but robustness is nevertheless valuable. libavcodec/cbs_av1.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/cbs_av1.c b/libavcodec/cbs_av1.c index 0ff6d60ae2..84998e1e8c 100644 --- a/libavcodec/cbs_av1.c +++ b/libavcodec/cbs_av1.c @@ -211,8 +211,8 @@ static int cbs_av1_read_ns(CodedBitstreamContext *ctx, GetBitContext *gbc, uint32_t n, const char *name, const int *subscripts, uint32_t *write_to) { - uint32_t w, m, v, extra_bit, value; - int position; + uint32_t m, v, extra_bit, value; + int position, w; av_assert0(n > 0);
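
Review bot: in the declarations of cbs_av1_read_ns, the fix rests entirely on `w` being declared `int` in `int position, w;`, and nothing in the hunk records why that type matters, so a later cleanup could move `w` back into the `uint32_t` list and silently undo it. A short comment on the declaration, or at the overread check itself, stating that the number of bits left can be negative after an overread and that the comparison must therefore stay signed, would protect the change. Since `m`, `v`, `extra_bit` and `value` remain `uint32_t`, it is also worth confirming that every other expression in the function that combines `w` with them (shifts, subtractions, comparisons) still behaves as intended now that `w` is signed.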
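
The conversion rule described in the commit message, as an added example that is not part of the original patch or of FFmpeg: `BitReader`, `bits_left`, `has_room_unsigned` and `has_room_signed` are hypothetical names, and the reader states are constructed. It shows the same remaining-bits check with an unsigned and with a signed width once the reader has already gone past the end of its buffer.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for a bit reader; not FFmpeg's GetBitContext. */
typedef struct {
    int size_in_bits; /* total bits in the buffer */
    int index;        /* bits consumed; exceeds size_in_bits after an overread */
} BitReader;

/* Signed by design: a negative result means the reader is past the end. */
static int bits_left(const BitReader *br)
{
    return br->size_in_bits - br->index;
}

/* "Before" form: the needed width is unsigned. The cast spells out what the
 * usual arithmetic conversions do implicitly in `bits_left(br) < w`:
 * a negative remainder turns into a value close to UINT32_MAX. */
static int has_room_unsigned(const BitReader *br, uint32_t w)
{
    return !((uint32_t)bits_left(br) < w);
}

/* "After" form: both operands are int, so a negative remainder is less
 * than any positive width and the check fails as it should. */
static int has_room_signed(const BitReader *br, int w)
{
    return !(bits_left(br) < w);
}

int main(void)
{
    /* Constructed states: exact fit, too short, already 8 bits overread. */
    const BitReader cases[] = { {64, 60}, {64, 62}, {64, 72} };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("left=%3d  unsigned check: %d  signed check: %d\n",
               bits_left(&cases[i]),
               has_room_unsigned(&cases[i], 4),
               has_room_signed(&cases[i], 4));
    return 0;
}
```

Only the third case differs between the two checks: with 8 bits already overread, the unsigned form reports room for a 4-bit read and the signed form rejects it.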