From patchwork Sat May 30 16:05:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 20001 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 80C7D44A6AD for ; Sat, 30 May 2020 19:06:35 +0300 (EEST) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 697FD68B035; Sat, 30 May 2020 19:06:35 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-wr1-f68.google.com (mail-wr1-f68.google.com [209.85.221.68]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E942E68AEEB for ; Sat, 30 May 2020 19:06:28 +0300 (EEST) Received: by mail-wr1-f68.google.com with SMTP id p5so1257033wrw.9 for ; Sat, 30 May 2020 09:06:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=FmCvo+R03bx9krm5ySr5EDT1IbNqt4jsT14cvMZ1fJM=; b=QVLqb1cp1mHKk9lVeC5ely0XfR/hgInbKpD5ien+EH2c7Ami6Hoyj8NDbc+sGDtFlt FTa4ucMRnJRGtFndU4JJpB5M5MH0tXrIKywFAAuUpmNwxkRz+/PAG5nOGdI3tN2rqNtp ATwCnFoc5wAFE8Rfla6Pw4rHGZFFkErr9LqqJayIFiqZVekoUr27XWwtIEwUNmqhqFGU boPjpTawQ2Vfqe2CAR9QvQy6mv5ubnt0Pg/l/DxQ2+LVVZCcj/cga89IN7uCimqaHo8q RfIZgHz82WRdrsugH6EjqwvJQfJY/wRhVJBqRy8jeQAbfptIf3Losw66Ux8Zj6EJ92CG Sehw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=FmCvo+R03bx9krm5ySr5EDT1IbNqt4jsT14cvMZ1fJM=; b=kxrEg2X1uwguwq+TT8AHeqYCSOSx+0pXN/V3hCSgwG4giiwuZ26DSSw9UgU5iIkWct y1Wgt7JXLECJqgOu1/Iit9gMHjxEE+1yogmx5Ofm5maSJcrj9IkXmZL9zkBF6z/fTcCD CnoMgAInwbxYU//22AIELcy8gRaXZ8E2wOfbDEqHV4/mkPK0X4z8w5vXdvQEORvh0Svp 2JbLCu3rzqJlvoQ3+VdiIqpPPQGmpXDRXhw1D0fEUE/ItkajB/NTaVzgHFDOeHH/Bhy0 iJtoHcqGB94FUk5WKDJDUYuAAEOvrzREK0B/awLFPlWgfIwgTg4nAehPYzSs9pqPoDn6 wyww== X-Gm-Message-State: AOAM533x62g3r9pqeTVg5NtvrZZ/kXwQaVXoWMnz2SjPN6sb8S0Pik6c Qv7Y39NAj0g6ACAiIOiKtReqPc0k X-Google-Smtp-Source: ABdhPJwSrrjtatdomlws4uwxx8K3pfaV1CnRTfXBRa7cAr2SsIXwvb2rVzDx38Wt8VmIcFT8MdE3Yw== X-Received: by 2002:a5d:52c6:: with SMTP id r6mr13610268wrv.74.1590854787872; Sat, 30 May 2020 09:06:27 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc1ab57.dynamic.kabel-deutschland.de. [188.193.171.87]) by smtp.gmail.com with ESMTPSA id v27sm15186517wrv.81.2020.05.30.09.06.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 30 May 2020 09:06:26 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Sat, 30 May 2020 18:05:19 +0200 Message-Id: <20200530160541.29517-14-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200530160541.29517-1-andreas.rheinhardt@gmail.com> References: <20200530160541.29517-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 14/36] avcodec/mjpega_dump_header_bsf: Make code more robust wrt overflow X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Signed-off-by: Andreas Rheinhardt --- libavcodec/mjpega_dump_header_bsf.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libavcodec/mjpega_dump_header_bsf.c b/libavcodec/mjpega_dump_header_bsf.c index ab68f9c3e9..40c4c690ab 100644 --- a/libavcodec/mjpega_dump_header_bsf.c +++ b/libavcodec/mjpega_dump_header_bsf.c @@ -42,7 +42,7 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out) if (ret < 0) return ret; - ret = av_new_packet(out, in->size + 44); + ret = av_new_packet(out, in->size + 44U); if (ret < 0) goto fail; @@ -58,29 +58,29 @@ static int mjpega_dump_header(AVBSFContext *ctx, AVPacket *out) bytestream_put_be16(&out_buf, 42); /* size */ bytestream_put_be32(&out_buf, 0); bytestream_put_buffer(&out_buf, "mjpg", 4); - bytestream_put_be32(&out_buf, in->size + 44); /* field size */ - bytestream_put_be32(&out_buf, in->size + 44); /* pad field size */ + bytestream_put_be32(&out_buf, in->size + 44U); /* field size */ + bytestream_put_be32(&out_buf, in->size + 44U); /* pad field size */ bytestream_put_be32(&out_buf, 0); /* next ptr */ for (i = 0; i < in->size - 1; i++) { if (in->data[i] == 0xff) { switch (in->data[i + 1]) { - case DQT: dqt = i + 46; break; - case DHT: dht = i + 46; break; - case SOF0: sof0 = i + 46; break; + case DQT: dqt = i + 46U; break; + case DHT: dht = i + 46U; break; + case SOF0: sof0 = i + 46U; break; case SOS: bytestream_put_be32(&out_buf, dqt); /* quant off */ bytestream_put_be32(&out_buf, dht); /* huff off */ bytestream_put_be32(&out_buf, sof0); /* image off */ - bytestream_put_be32(&out_buf, i + 46); /* scan off */ - bytestream_put_be32(&out_buf, i + 46 + AV_RB16(in->data + i + 2)); /* data off */ + bytestream_put_be32(&out_buf, i + 46U); /* scan off */ + bytestream_put_be32(&out_buf, i + 46U + AV_RB16(in->data + i + 2)); /* data off */ bytestream_put_buffer(&out_buf, in->data + 2, in->size - 2); /* skip already written SOI */ out->size = out_buf - out->data; av_packet_free(&in); return 0; case APP1: - if (i + 8 < in->size && AV_RL32(in->data + i + 8) == AV_RL32("mjpg")) { + if (i + 8U < in->size && AV_RL32(in->data + i + 8) == AV_RL32("mjpg")) { av_log(ctx, AV_LOG_ERROR, "bitstream already formatted\n"); av_packet_unref(out); av_packet_move_ref(out, in);