From patchwork Fri Dec 24 03:09:01 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: rcombs <rcombs@rcombs.me>
X-Patchwork-Id: 32886
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a6b:cd86:0:0:0:0:0 with SMTP id d128csp7805533iog;
        Thu, 23 Dec 2021 19:11:25 -0800 (PST)
X-Google-Smtp-Source: 
 ABdhPJyeUclVVOGr/20N+zwWIlJWZZ6AZneaAskfx4Ad6fmziDDOG0tqfhSoiRTFbLdaywSLk7Qd
X-Received: by 2002:a17:907:6e25:: with SMTP id
 sd37mr3985961ejc.529.1640315485219;
        Thu, 23 Dec 2021 19:11:25 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1640315485; cv=none;
        d=google.com; s=arc-20160816;
        b=q+FGj/NyHHZFTfJzWp0Iv9vdgQEj/LoWdz1i9qJ1dkDnYowIuRdQGqHoHLikoEv7Ql
         kdlrOprpUc/mMVF+OYZcyqeYTOG1XlXupDTybCXmoahk3Cdv1wHGqnpG7d8eCaSijXYd
         5PHPNJN/9AvVHtiEXNs1t/Poeub4WQ+vdtbZ/DHLbnJlkvEhq77NTvTw98zH6llg6N9U
         Qf0P0X9RwvP+zTs20u2Fw6Oulspo0uiBYc0OE7/nRuA4l9oU07FfohmEmB41fjAqJ1Cq
         wu5CQMglIdbaVgyviofut3z/Wn/4z/G3srmVK59dicCkrxi7ZaeCTUNFgvDyx21Wtnfi
         SPdA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=dSWmBSIjwYLfJBD9urxlLnPJbjbAvE9clTKQhMTD6xY=;
        b=txlSwEBfpyBOHnh6XMtrhLLNzTbVwk6dcD6HK9pSuEfD3b31RTHVnHsVmha8bxlH5x
         6tO6Q9e8uzP2izeygrS4puq9fvCT9XtdzRvRLbr9ul1GWfyk3aHyumTlQYDYlDv1pdgx
         6xKp22xCbB33jWGJu6HJAgrxZ8XgmEJcf8qB86sTGNyvQRa2RhSYsXFkxD4NRxhvhvwq
         DMcDzxGTDgiV5hB+fLaV4vGV14uW2TXWPFMHna5yXDf7kH5RvQKTmUi41kAAS1XT9/gh
         6xAPSDJSA++KFDNNSjXXdliOLFPaXnhVFq09a8FiUp21q4vZEUZpTsqnOQGDSjTYyDe9
         L/Ug==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@rcombs.me
 header.s=google header.b=gHB1C7j7;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=rcombs.me
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 bd13si2839536edb.397.2021.12.23.19.11.24;
        Thu, 23 Dec 2021 19:11:25 -0800 (PST)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@rcombs.me
 header.s=google header.b=gHB1C7j7;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=rcombs.me
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id A7BFB68B243;
	Fri, 24 Dec 2021 05:09:35 +0200 (EET)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-qt1-f174.google.com (mail-qt1-f174.google.com
 [209.85.160.174])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7939568A656
 for <ffmpeg-devel@ffmpeg.org>; Fri, 24 Dec 2021 05:09:27 +0200 (EET)
Received: by mail-qt1-f174.google.com with SMTP id z9so6619152qtj.9
 for <ffmpeg-devel@ffmpeg.org>; Thu, 23 Dec 2021 19:09:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rcombs.me; s=google;
 h=from:to:subject:date:message-id:in-reply-to:references:mime-version
 :content-transfer-encoding;
 bh=XPYYopJZsarXhfC8ftQ3REXxvC1jf9E4ycIhV/cmeks=;
 b=gHB1C7j7Q7HahA18kAII9yrL9LMhIidVuXY5HA+jn4sUdZiOnzesGLQYAAGhqzgTBa
 cD6sFzwics+XQlx2wuE6JbKLhQjFdPM6jrfcvkbN0i2OLbq/FvRy5jfcDVV61ZYIc+0L
 68YAb0pclH30yFaQP1LYr6t5vwl3xrooNiNagfF+CzNxSs/yGFy5dio/PlVXqqIOY25D
 H5luU19ZB3Ox9LlmUgreG4BpILJTgMHsvrcVpH2e/FPWKbdUe0LALoEogXWaVLRXX+o9
 Zg9aI8KKUUE5pd+aBQc6BlI1c1Q2vwrJFU0FUxEEB77/Db9NjRM2SiSU/OBVE1xADNOt
 oo5A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
 :references:mime-version:content-transfer-encoding;
 bh=XPYYopJZsarXhfC8ftQ3REXxvC1jf9E4ycIhV/cmeks=;
 b=Y2NeskEsq0fZBmxHtB9gp1WLFFfDlzN+/Xygc1R2ny1AuqXlvNSLavuNectB22P+iQ
 gLFt9k37+koxlz/us3xz9FdGbMsnh0xw0vFQMNB7dCM/EYz66pyAajx+cxpIS2lSiIJ7
 AYVot6Nu14XQ6HumpjIXG6zkq8+xw9DVboRgJXyU9WhzgmVcbGux2m4HWa54Z1WcvgHJ
 /e/sdeg9t0x5mYnW9IsLk+Wo2YwqEn7Fm8Dgu4kzID2AiKzggXyhp+sgWUjC6QCXE/vl
 vk/pQixn5uGlvJjNb60h7S1GrZaOAIoODhezuLTe7qBbM+XaOTXbDORMi0bfPSsbUeb+
 l2EA==
X-Gm-Message-State: AOAM533EnYVQTgPQjueXwFdVbeBD8Xf4KP7GzJQrTsGJzODKXVAQdV71
 6rRVOEckY0EzvecRNGGZXZHj/eazNayfHn0=
X-Received: by 2002:ac8:57cc:: with SMTP id w12mr4213049qta.82.1640315365981;
 Thu, 23 Dec 2021 19:09:25 -0800 (PST)
Received: from rcombs-mbp.localdomain ([2601:243:2000:5ac:cd8d:58a:de7b:88f1])
 by smtp.gmail.com with ESMTPSA id
 e15sm5162479qtq.83.2021.12.23.19.09.25 for <ffmpeg-devel@ffmpeg.org>
 (version=TLS1_3 cipher=TLS_CHACHA20_POLY1305_SHA256 bits=256/256);
 Thu, 23 Dec 2021 19:09:25 -0800 (PST)
From: rcombs <rcombs@rcombs.me>
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 23 Dec 2021 21:09:01 -0600
Message-Id: <20211224030904.1196-14-rcombs@rcombs.me>
X-Mailer: git-send-email 2.33.1
In-Reply-To: <20211224030904.1196-1-rcombs@rcombs.me>
References: <20211224030904.1196-1-rcombs@rcombs.me>
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 13/16] lavfi/drawutils: ensure we can't
 overflow a component
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: tmalYgbIxHpl

---
 libavfilter/drawutils.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavfilter/drawutils.c b/libavfilter/drawutils.c
index 99c124822d..bcdb669bd3 100644
--- a/libavfilter/drawutils.c
+++ b/libavfilter/drawutils.c
@@ -112,6 +112,8 @@ int ff_draw_init(FFDrawContext *draw, enum AVPixelFormat format, unsigned flags)
         if (depthb && (depthb != db))
             return AVERROR(ENOSYS);
         depthb = db;
+        if (db * (c->offset + 1) > 16)
+            return AVERROR(ENOSYS);
         /* strange interleaving */
         if (pixelstep[c->plane] != 0 &&
             pixelstep[c->plane] != c->step)