diff mbox series

[FFmpeg-devel,12/23] dnn/dnn_backend_native: Don't use asserts for checks

Message ID 20210310215446.1396386-3-andreas.rheinhardt@gmail.com
State Accepted
Headers show
Series [FFmpeg-devel,1/8] avcodec/cbs: Remove redundant checks for CodedBitstreamContext.codec | expand

Commit Message

Andreas Rheinhardt March 10, 2021, 9:54 p.m. UTC 
asserts should not be used instead of ordinary input checks.
Yet the native DNN backend did it: get_input_native() asserted that
the first dimension was one, despite this value coming directly from
the input file without having been sanitized.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
get_input_native() only asserts this for input operands; so it might be
that the check below should also check for this (depending upon whether
1 is a valid value for output operands).

 libavfilter/dnn/dnn_backend_native.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Guo, Yejun March 11, 2021, 2:23 a.m. UTC | #1 
> -----Original Message-----
> From: ffmpeg-devel <ffmpeg-devel-bounces@ffmpeg.org> On Behalf Of
> Andreas Rheinhardt
> Sent: 2021年3月11日 5:55
> To: ffmpeg-devel@ffmpeg.org
> Cc: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> Subject: [FFmpeg-devel] [PATCH 12/23] dnn/dnn_backend_native: Don't use
> asserts for checks
> 
> asserts should not be used instead of ordinary input checks.
> Yet the native DNN backend did it: get_input_native() asserted that
> the first dimension was one, despite this value coming directly from
> the input file without having been sanitized.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
> get_input_native() only asserts this for input operands; so it might be
> that the check below should also check for this (depending upon whether
> 1 is a valid value for output operands).
> 
>  libavfilter/dnn/dnn_backend_native.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/libavfilter/dnn/dnn_backend_native.c
> b/libavfilter/dnn/dnn_backend_native.c
> index fd1f9e299d..b3c41af94e 100644
> --- a/libavfilter/dnn/dnn_backend_native.c
> +++ b/libavfilter/dnn/dnn_backend_native.c
> @@ -231,6 +231,8 @@ DNNModel *ff_dnn_load_model_native(const char
> *model_filename, DNNFunctionType f
>              oprd->dims[dim] = (int32_t)avio_rl32(model_file_context);
>              dnn_size += 4;
>          }
> +        if (oprd->dims[0] != 1)
> +            goto fail;

Thanks, the operands here include input, output and intermediate whose dims[0]
could be any other values, so, the fix here can be:

        if (oprd->dims[0] != 1 && oprd->type == DOT_INPUT)
            goto fail;
diff mbox series

Patch

diff --git a/libavfilter/dnn/dnn_backend_native.c b/libavfilter/dnn/dnn_backend_native.c
index fd1f9e299d..b3c41af94e 100644
--- a/libavfilter/dnn/dnn_backend_native.c
+++ b/libavfilter/dnn/dnn_backend_native.c
@@ -231,6 +231,8 @@  DNNModel *ff_dnn_load_model_native(const char *model_filename, DNNFunctionType f
             oprd->dims[dim] = (int32_t)avio_rl32(model_file_context);
             dnn_size += 4;
         }
+        if (oprd->dims[0] != 1)
+            goto fail;
 
         oprd->isNHWC = 1;
     }