From patchwork Tue Jan 11 20:45:36 2022
X-Patchwork-Submitter: Anton Khirnov
X-Patchwork-Id: 33236
From: Anton Khirnov
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 11 Jan 2022 21:45:36 +0100
Message-Id: <20220111204610.14262-1-anton@khirnov.net>
Subject: [FFmpeg-devel] [PATCH 01/35] lavu/fifo: disallow overly large fifo sizes

The API currently allows creating FIFOs up to
- UINT_MAX: av_fifo_alloc(), av_fifo_realloc(), av_fifo_grow()
- SIZE_MAX: av_fifo_alloc_array()
However the usable limit is determined by
- rndx/wndx being uint32_t
- av_fifo_[size,space] returning int
so no FIFO should be larger than the smallest of
- INT_MAX
- UINT32_MAX
- SIZE_MAX
(which should be INT_MAX on all commonly used platforms).
Return an error on trying to allocate FIFOs larger than this limit.

--- libavutil/fifo.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavutil/fifo.c b/libavutil/fifo.c index d741bdd395..f2f046b1f3 100644 --- a/libavutil/fifo.c +++ b/libavutil/fifo.c @@ -20,14 +20,23 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include + #include "avassert.h" #include "common.h" #include "fifo.h" +#define FIFO_SIZE_MAX FFMIN3((uint64_t)INT_MAX, (uint64_t)UINT32_MAX, (uint64_t)SIZE_MAX) + AVFifoBuffer *av_fifo_alloc_array(size_t nmemb, size_t size) { AVFifoBuffer *f; - void *buffer = av_realloc_array(NULL, nmemb, size); + void *buffer; + + if (nmemb > FIFO_SIZE_MAX / size) + return NULL; + + buffer = av_realloc_array(NULL, nmemb, size); if (!buffer) return NULL; f = av_mallocz(sizeof(AVFifoBuffer)); 
@@ -82,6 +91,9 @@ int av_fifo_realloc2(AVFifoBuffer *f, unsigned int new_size) { unsigned int old_size = f->end - f->buffer; + if (new_size > FIFO_SIZE_MAX) + return AVERROR(EINVAL); + if (old_size < new_size) { size_t offset_r = f->rptr - f->buffer; size_t offset_w = f->wptr - f->buffer;
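
Review bot: In the av_fifo_alloc_array() hunk, the new check `nmemb > FIFO_SIZE_MAX / size` divides by the caller-supplied `size` with no guard, so a call with size == 0 hits a division by zero before av_realloc_array() is reached. Handle a zero size first, for example `if (!size || nmemb > FIFO_SIZE_MAX / size) return NULL;`. The NULL returned for an over-limit request is also indistinguishable from an allocation failure, which deserves a line in the function's documentation.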
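
Review bot: In the av_fifo_realloc2() hunk, the added `return AVERROR(EINVAL);` for new_size > FIFO_SIZE_MAX is an error return that the diffstat (only libavutil/fifo.c changes) leaves undocumented; please describe the size limit and the EINVAL case in the public documentation of the function. The commit message also names av_fifo_alloc(), av_fifo_realloc() and av_fifo_grow() as affected entry points, yet none of them gets a check in the visible hunks, so either state in the message that they are covered through av_fifo_alloc_array() and av_fifo_realloc2(), or add explicit checks where that is not the case.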