diff mbox series

[FFmpeg-devel] avutil/imgutils: use INT64_MAX for alloc buffer check and image size check

Message ID 20210914111919.42032-1-lq@chinaffmpeg.org
State New
Headers show
Series [FFmpeg-devel] avutil/imgutils: use INT64_MAX for alloc buffer check and image size check
Related show

Checks

Context Check Description
andriy/make_x86 success Make finished
andriy/make_fate_x86 fail Make fate failed
andriy/make_ppc success Make finished
andriy/make_fate_ppc fail Make fate failed
andriy/makeppc warning New warnings during build

Commit Message

Steven Liu Sept. 14, 2021, 11:19 a.m. UTC
check alloc buffer size limit from INT_MAX to INT64_MAX
check stride and stride*(uint64_t)(h+128)
look into the Picture size condition using INT_MAX is smaller,
so make it to INT64_MAX maybe large enough for Picture.

Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
---
 libavutil/imgutils.c | 2 +-
 libavutil/imgutils.h | 2 +-
 libavutil/mem.c      | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

Comments

James Almer Sept. 14, 2021, 8:41 p.m. UTC | #1
On 9/14/2021 8:19 AM, Steven Liu wrote:
> check alloc buffer size limit from INT_MAX to INT64_MAX
> check stride and stride*(uint64_t)(h+128)
> look into the Picture size condition using INT_MAX is smaller,
> so make it to INT64_MAX maybe large enough for Picture.
> 
> Signed-off-by: Steven Liu <lq@chinaffmpeg.org>
> ---
>   libavutil/imgutils.c | 2 +-
>   libavutil/imgutils.h | 2 +-
>   libavutil/mem.c      | 2 +-
>   3 files changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/libavutil/imgutils.c b/libavutil/imgutils.c
> index 9ab5757cf6..03abf1cece 100644
> --- a/libavutil/imgutils.c
> +++ b/libavutil/imgutils.c
> @@ -298,7 +298,7 @@ int av_image_check_size2(unsigned int w, unsigned int h, int64_t max_pixels, enu
>           stride = 8LL*w;
>       stride += 128*8;
>   
> -    if ((int)w<=0 || (int)h<=0 || stride >= INT_MAX || stride*(uint64_t)(h+128) >= INT_MAX) {
> +    if ((int)w<=0 || (int)h<=0 || stride >= INT64_MAX || stride*(uint64_t)(h+128) >= INT64_MAX) {

Linesizes are int everywhere, so this is obviously not ok.

>           av_log(&imgutils, AV_LOG_ERROR, "Picture size %ux%u is invalid\n", w, h);
>           return AVERROR(EINVAL);
>       }
> diff --git a/libavutil/imgutils.h b/libavutil/imgutils.h
> index cb2d74728e..5f1cac7579 100644
> --- a/libavutil/imgutils.h
> +++ b/libavutil/imgutils.h
> @@ -248,7 +248,7 @@ int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *lo
>   /**
>    * Check if the given dimension of an image is valid, meaning that all
>    * bytes of a plane of an image with the specified pix_fmt can be addressed
> - * with a signed int.
> + * with a int64.
>    *
>    * @param w the width of the picture
>    * @param h the height of the picture
> diff --git a/libavutil/mem.c b/libavutil/mem.c
> index dcc75945d4..10f4328164 100644
> --- a/libavutil/mem.c
> +++ b/libavutil/mem.c
> @@ -68,7 +68,7 @@ void  free(void *ptr);
>    * dynamic libraries and remove -Wl,-Bsymbolic from the linker flags.
>    * Note that this will cost performance. */
>   
> -static atomic_size_t max_alloc_size = ATOMIC_VAR_INIT(INT_MAX);
> +static atomic_size_t max_alloc_size = ATOMIC_VAR_INIT(INT64_MAX);

INT64_MAX may not fit in a size_t.

Also, av_max_alloc() exists for the purpose of changing this value at 
runtime.

>   
>   void av_max_alloc(size_t max){
>       atomic_store_explicit(&max_alloc_size, max, memory_order_relaxed);
>
diff mbox series

Patch

diff --git a/libavutil/imgutils.c b/libavutil/imgutils.c
index 9ab5757cf6..03abf1cece 100644
--- a/libavutil/imgutils.c
+++ b/libavutil/imgutils.c
@@ -298,7 +298,7 @@  int av_image_check_size2(unsigned int w, unsigned int h, int64_t max_pixels, enu
         stride = 8LL*w;
     stride += 128*8;
 
-    if ((int)w<=0 || (int)h<=0 || stride >= INT_MAX || stride*(uint64_t)(h+128) >= INT_MAX) {
+    if ((int)w<=0 || (int)h<=0 || stride >= INT64_MAX || stride*(uint64_t)(h+128) >= INT64_MAX) {
         av_log(&imgutils, AV_LOG_ERROR, "Picture size %ux%u is invalid\n", w, h);
         return AVERROR(EINVAL);
     }
diff --git a/libavutil/imgutils.h b/libavutil/imgutils.h
index cb2d74728e..5f1cac7579 100644
--- a/libavutil/imgutils.h
+++ b/libavutil/imgutils.h
@@ -248,7 +248,7 @@  int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *lo
 /**
  * Check if the given dimension of an image is valid, meaning that all
  * bytes of a plane of an image with the specified pix_fmt can be addressed
- * with a signed int.
+ * with a int64.
  *
  * @param w the width of the picture
  * @param h the height of the picture
diff --git a/libavutil/mem.c b/libavutil/mem.c
index dcc75945d4..10f4328164 100644
--- a/libavutil/mem.c
+++ b/libavutil/mem.c
@@ -68,7 +68,7 @@  void  free(void *ptr);
  * dynamic libraries and remove -Wl,-Bsymbolic from the linker flags.
  * Note that this will cost performance. */
 
-static atomic_size_t max_alloc_size = ATOMIC_VAR_INIT(INT_MAX);
+static atomic_size_t max_alloc_size = ATOMIC_VAR_INIT(INT64_MAX);
 
 void av_max_alloc(size_t max){
     atomic_store_explicit(&max_alloc_size, max, memory_order_relaxed);