Message ID | 20200131071614.715-1-ffmpeg@gyani.pro |
---|---|
State | New |
Headers | show |
Series | [FFmpeg-devel,v2] avfilter/scale: fix CID 1457833 | expand |
Context | Check | Description |
---|---|---|
andriy/ffmpeg-patchwork | success | Make fate finished |
On Fri, Jan 31, 2020 at 12:46:13PM +0530, Gyan Doshi wrote: > Remove expressions with constant results and > improve overflow checks. > --- > libavfilter/vf_scale.c | 6 ++---- > 1 file changed, 2 insertions(+), 4 deletions(-) > > diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c > index 0348f19d33..b6c6414258 100644 > --- a/libavfilter/vf_scale.c > +++ b/libavfilter/vf_scale.c > @@ -497,10 +497,8 @@ static int config_props(AVFilterLink *outlink) > scale->force_original_aspect_ratio, > scale->force_divisible_by); > > - if (scale->w > INT_MAX || > - scale->h > INT_MAX || > - (scale->h * inlink->w) > INT_MAX || > - (scale->w * inlink->h) > INT_MAX) > + if ((scale->h > INT_MAX / inlink->w) || > + (scale->w > INT_MAX / inlink->h)) > av_log(ctx, AV_LOG_ERROR, "Rescaled value for width or height is too big.\n"); taking a very quick look at the history it seemed the w / h values where originally int64_t more specifically, av_rescale() produces int64_t and simply storing that in int might introduce a truncation of the results so there are maybe checks missing elsewhere since the variables changed to int Thanks [...]
diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c index 0348f19d33..b6c6414258 100644 --- a/libavfilter/vf_scale.c +++ b/libavfilter/vf_scale.c @@ -497,10 +497,8 @@ static int config_props(AVFilterLink *outlink) scale->force_original_aspect_ratio, scale->force_divisible_by); - if (scale->w > INT_MAX || - scale->h > INT_MAX || - (scale->h * inlink->w) > INT_MAX || - (scale->w * inlink->h) > INT_MAX) + if ((scale->h > INT_MAX / inlink->w) || + (scale->w > INT_MAX / inlink->h)) av_log(ctx, AV_LOG_ERROR, "Rescaled value for width or height is too big.\n"); outlink->w = scale->w;