From patchwork Tue Sep 14 11:19:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Liu Steven X-Patchwork-Id: 30242 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp4889099iov; Tue, 14 Sep 2021 04:19:42 -0700 (PDT) X-Google-Smtp-Source: ABdhPJymQTfN4kf2mgq/yvu45LAGT469WypyywIivzE4N6uNvvw+5y4Gdt0cbSrH6cTGJMejQuXZ X-Received: by 2002:a17:906:36d6:: with SMTP id b22mr17879045ejc.387.1631618382351; Tue, 14 Sep 2021 04:19:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631618382; cv=none; d=google.com; s=arc-20160816; b=GbX4praKwnEuFgO5j1b+huA4I73+JNiKAMgllzSL4CsjpPJIpFZrKk52U/Y0n/dFDZ fERT6eRZq1Rn6LlsVWTkUNlIjmsbg+cA3kxWq2I3AqlbaR/2FdAUyXLNHtINt3D7fEKG bEa8h4q/FZ7oCzk61Lxhawxv0OJOBpRmh0PGsifr+NEtPxYtuqHibbe55VCxiMWbC9iw E8R794QincPbu9pgO57KJ3vmCVdYc+F09BQwvXsznlT1y52/C+kY+83GDJdQ9vXfKcOx Cvrl/NTBwkBlt6xOdHzhQHkSax3HiGfzySoY9A3rozfd7oSCYqyfMu1vj/MnOICW1mwG lpmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:feedback-id:mime-version:message-id:date :to:from:delivered-to; bh=FTIm6Nnx+Ovhe7ccdE+nOPomNNgaMZNxCgYzkRdbhDc=; b=Ic6xUGmR8DLUVUNnjU0JCiObIw+uAOpqDIQp3m+P0oHo/7OAKIuqaq25/7j3BxDVzX zjwsj3kgzNK0IQ6RxBay/yFK46Wtez4TgutLjtOMSkUdlo1CMTW/atnd8a45/Yr4Zc2B HSxM0ZpkOXncpk2CSyXvgLRKL+nrf0IBMgneRi6HjBn3J/GhD9NSYr9Hl1huXFKFCM6U chTnRWe6ugYYEks/AcsPv/PLTJLr2G+8VNlsudjbIYKm4eas4uf0rDA7ZYKvklw9S5wd S+dvHoRW2OeNN3a+qMcR//TjPNMuMNiux6WfV+tQ8r/0A385AMyp7Cyyd9xRyh66b8dD pdQw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id bq16si9838251edb.303.2021.09.14.04.19.41; Tue, 14 Sep 2021 04:19:42 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 957F068AD93; Tue, 14 Sep 2021 14:19:36 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from smtpbg587.qq.com (smtpbg128.qq.com [106.55.201.39]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1112F68A94A for ; Tue, 14 Sep 2021 14:19:29 +0300 (EEST) X-QQ-mid: bizesmtp52t1631618363tovmgybv Received: from localhost (unknown [103.107.216.230]) by esmtp6.qq.com (ESMTP) with id ; Tue, 14 Sep 2021 19:19:23 +0800 (CST) X-QQ-SSF: 01100000002000Z0Z000000A0000000 X-QQ-FEAT: VMEq1UFETtyqc6BqLIEtrBhdHG0onkksupHdKPChZm49V7WDdDR+uxqiAJ2BQ TxnpbAdL83EfW77W5DSLJQr3V5GRYg+HmXcj+ZqSoxoih7uvZ0YrIs05oouN5OvQE8BDBPl uG2ZE662zsPFBk0PboDpUyl5utVfRNpNL4Jhja4ErlzjIefJSamH40FamEgnGE+CZajburR 8q4rxEYMYvlrLC43dF8IOsVJTxIk1eV1ulwkzHG3pH+OCY8YSLYD4K9in4cxYwgQz2tIEb8 qTju36dsIh9B6eRRh4EZUoKGWsqTmpFGomdV7RByORpAB0JcScfpTKm4X0Ccg2fHbX+yLIX LZHO/Si X-QQ-GoodBg: 0 From: Steven Liu To: ffmpeg-devel@ffmpeg.org Date: Tue, 14 Sep 2021 19:19:19 +0800 Message-Id: <20210914111919.42032-1-lq@chinaffmpeg.org> X-Mailer: git-send-email 2.25.0 MIME-Version: 1.0 X-QQ-SENDSIZE: 520 Feedback-ID: bizesmtp:chinaffmpeg.org:qybgspam:qybgspam5 Subject: [FFmpeg-devel] [PATCH] avutil/imgutils: use INT64_MAX for alloc buffer check and image size check X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Steven Liu Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: d7XdtaR6YtYo check alloc buffer size limit from INT_MAX to INT64_MAX check stride and stride*(uint64_t)(h+128) look into the Picture size condition using INT_MAX is smaller, so make it to INT64_MAX maybe large enough for Picture. Signed-off-by: Steven Liu --- libavutil/imgutils.c | 2 +- libavutil/imgutils.h | 2 +- libavutil/mem.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/libavutil/imgutils.c b/libavutil/imgutils.c index 9ab5757cf6..03abf1cece 100644 --- a/libavutil/imgutils.c +++ b/libavutil/imgutils.c @@ -298,7 +298,7 @@ int av_image_check_size2(unsigned int w, unsigned int h, int64_t max_pixels, enu stride = 8LL*w; stride += 128*8; - if ((int)w<=0 || (int)h<=0 || stride >= INT_MAX || stride*(uint64_t)(h+128) >= INT_MAX) { + if ((int)w<=0 || (int)h<=0 || stride >= INT64_MAX || stride*(uint64_t)(h+128) >= INT64_MAX) { av_log(&imgutils, AV_LOG_ERROR, "Picture size %ux%u is invalid\n", w, h); return AVERROR(EINVAL); } diff --git a/libavutil/imgutils.h b/libavutil/imgutils.h index cb2d74728e..5f1cac7579 100644 --- a/libavutil/imgutils.h +++ b/libavutil/imgutils.h @@ -248,7 +248,7 @@ int av_image_check_size(unsigned int w, unsigned int h, int log_offset, void *lo /** * Check if the given dimension of an image is valid, meaning that all * bytes of a plane of an image with the specified pix_fmt can be addressed - * with a signed int. + * with a int64. * * @param w the width of the picture * @param h the height of the picture diff --git a/libavutil/mem.c b/libavutil/mem.c index dcc75945d4..10f4328164 100644 --- a/libavutil/mem.c +++ b/libavutil/mem.c @@ -68,7 +68,7 @@ void free(void *ptr); * dynamic libraries and remove -Wl,-Bsymbolic from the linker flags. * Note that this will cost performance. */ -static atomic_size_t max_alloc_size = ATOMIC_VAR_INIT(INT_MAX); +static atomic_size_t max_alloc_size = ATOMIC_VAR_INIT(INT64_MAX); void av_max_alloc(size_t max){ atomic_store_explicit(&max_alloc_size, max, memory_order_relaxed);