| Message ID | 20210423125245.586-1-jamrial@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [FFmpeg-devel] avfilter/af_adelay: make per channel delay argument an int64_t | expand |
| Context | Check | Description |
|---|---|---|
| andriy/x86_make | success | Make finished |
| andriy/x86_make_fate | success | Make fate finished |
| andriy/PPC64_make | success | Make finished |
| andriy/PPC64_make_fate | success | Make fate finished |
On 2021-04-23 18:22, James Almer wrote: > Should fix ticket #9196 > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > libavfilter/af_adelay.c | 11 +++++++---- > 1 file changed, 7 insertions(+), 4 deletions(-) > > diff --git a/libavfilter/af_adelay.c b/libavfilter/af_adelay.c > index 6ac81c2a3e..1229bf5bc7 100644 > --- a/libavfilter/af_adelay.c > +++ b/libavfilter/af_adelay.c > @@ -28,9 +28,9 @@ > #include "internal.h" > > typedef struct ChanDelay { > - int delay; > - unsigned delay_index; > - unsigned index; > + int64_t delay; > + size_t delay_index; > + size_t index; > uint8_t *samples; > } ChanDelay; > > @@ -152,7 +152,7 @@ static int config_input(AVFilterLink *inlink) > > p = NULL; > > - ret = av_sscanf(arg, "%d%c", &d->delay, &type); > + ret = av_sscanf(arg, "%"SCNd64"%c", &d->delay, &type); > if (ret != 2 || type != 'S') { > div = type == 's' ? 1.0 : 1000.0; > if (av_sscanf(arg, "%f", &delay) != 1) { > @@ -194,6 +194,9 @@ static int config_input(AVFilterLink *inlink) > if (!d->delay) > continue; > > + if (d->delay > SIZE_MAX) > + return AVERROR(ENOMEM); If this can occur due to user input, it should be reported back to the user. > + > d->samples = av_malloc_array(d->delay, s->block_align); > if (!d->samples) > return AVERROR(ENOMEM); Regards, Gyan
On 4/23/2021 10:09 AM, Gyan Doshi wrote: > > > On 2021-04-23 18:22, James Almer wrote: >> Should fix ticket #9196 >> >> Signed-off-by: James Almer <jamrial@gmail.com> >> --- >> libavfilter/af_adelay.c | 11 +++++++---- >> 1 file changed, 7 insertions(+), 4 deletions(-) >> >> diff --git a/libavfilter/af_adelay.c b/libavfilter/af_adelay.c >> index 6ac81c2a3e..1229bf5bc7 100644 >> --- a/libavfilter/af_adelay.c >> +++ b/libavfilter/af_adelay.c >> @@ -28,9 +28,9 @@ >> #include "internal.h" >> typedef struct ChanDelay { >> - int delay; >> - unsigned delay_index; >> - unsigned index; >> + int64_t delay; >> + size_t delay_index; >> + size_t index; >> uint8_t *samples; >> } ChanDelay; >> @@ -152,7 +152,7 @@ static int config_input(AVFilterLink *inlink) >> p = NULL; >> - ret = av_sscanf(arg, "%d%c", &d->delay, &type); >> + ret = av_sscanf(arg, "%"SCNd64"%c", &d->delay, &type); >> if (ret != 2 || type != 'S') { >> div = type == 's' ? 1.0 : 1000.0; >> if (av_sscanf(arg, "%f", &delay) != 1) { >> @@ -194,6 +194,9 @@ static int config_input(AVFilterLink *inlink) >> if (!d->delay) >> continue; >> + if (d->delay > SIZE_MAX) >> + return AVERROR(ENOMEM); > > If this can occur due to user input, it should be reported back to the > user. It could even before this patch, as you can see in the existing av_malloc_array() check below, but sure, i can print an av_log() error. > > >> + >> d->samples = av_malloc_array(d->delay, s->block_align); >> if (!d->samples) >> return AVERROR(ENOMEM); > > Regards, > Gyan > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
On 2021-04-23 19:05, James Almer wrote: > On 4/23/2021 10:09 AM, Gyan Doshi wrote: >> >> >> On 2021-04-23 18:22, James Almer wrote: >>> Should fix ticket #9196 >>> >>> Signed-off-by: James Almer <jamrial@gmail.com> >>> --- >>> libavfilter/af_adelay.c | 11 +++++++---- >>> 1 file changed, 7 insertions(+), 4 deletions(-) >>> >>> diff --git a/libavfilter/af_adelay.c b/libavfilter/af_adelay.c >>> index 6ac81c2a3e..1229bf5bc7 100644 >>> --- a/libavfilter/af_adelay.c >>> +++ b/libavfilter/af_adelay.c >>> @@ -28,9 +28,9 @@ >>> #include "internal.h" >>> typedef struct ChanDelay { >>> - int delay; >>> - unsigned delay_index; >>> - unsigned index; >>> + int64_t delay; >>> + size_t delay_index; >>> + size_t index; >>> uint8_t *samples; >>> } ChanDelay; >>> @@ -152,7 +152,7 @@ static int config_input(AVFilterLink *inlink) >>> p = NULL; >>> - ret = av_sscanf(arg, "%d%c", &d->delay, &type); >>> + ret = av_sscanf(arg, "%"SCNd64"%c", &d->delay, &type); >>> if (ret != 2 || type != 'S') { >>> div = type == 's' ? 1.0 : 1000.0; >>> if (av_sscanf(arg, "%f", &delay) != 1) { >>> @@ -194,6 +194,9 @@ static int config_input(AVFilterLink *inlink) >>> if (!d->delay) >>> continue; >>> + if (d->delay > SIZE_MAX) >>> + return AVERROR(ENOMEM); >> >> If this can occur due to user input, it should be reported back to >> the user. > > It could even before this patch, as you can see in the existing > av_malloc_array() check below, but sure, i can print an av_log() error. That's best. Since the user inputs a string, avutil/opt can't enforce a range. Thanks, Gyan
diff --git a/libavfilter/af_adelay.c b/libavfilter/af_adelay.c index 6ac81c2a3e..1229bf5bc7 100644 --- a/libavfilter/af_adelay.c +++ b/libavfilter/af_adelay.c @@ -28,9 +28,9 @@ #include "internal.h" typedef struct ChanDelay { - int delay; - unsigned delay_index; - unsigned index; + int64_t delay; + size_t delay_index; + size_t index; uint8_t *samples; } ChanDelay; @@ -152,7 +152,7 @@ static int config_input(AVFilterLink *inlink) p = NULL; - ret = av_sscanf(arg, "%d%c", &d->delay, &type); + ret = av_sscanf(arg, "%"SCNd64"%c", &d->delay, &type); if (ret != 2 || type != 'S') { div = type == 's' ? 1.0 : 1000.0; if (av_sscanf(arg, "%f", &delay) != 1) { @@ -194,6 +194,9 @@ static int config_input(AVFilterLink *inlink) if (!d->delay) continue; + if (d->delay > SIZE_MAX) + return AVERROR(ENOMEM); + d->samples = av_malloc_array(d->delay, s->block_align); if (!d->samples) return AVERROR(ENOMEM);
Should fix ticket #9196 Signed-off-by: James Almer <jamrial@gmail.com> --- libavfilter/af_adelay.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-)