From patchwork Thu Jan 5 11:07:56 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Anton Khirnov X-Patchwork-Id: 39883 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a20:bc95:b0:ad:ade2:bfd2 with SMTP id fx21csp297390pzb; Thu, 5 Jan 2023 03:08:25 -0800 (PST) X-Google-Smtp-Source: AMrXdXtm7gUIpbYNo7AyWeHQzHksUWwQKexk3oLrJAOj8ugYjFC/a2F9/0k45rmrusA8BGNhLGau X-Received: by 2002:a05:6402:5145:b0:462:7b85:33aa with SMTP id n5-20020a056402514500b004627b8533aamr42966825edd.2.1672916905473; Thu, 05 Jan 2023 03:08:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672916905; cv=none; d=google.com; s=arc-20160816; b=XRfnwg1pNXIhyd5JEw849i7hJUK5A1BpvM43OSzHFmHnF2NQ1RqWDdnxeVVA/whX0m cywWhQYy+EyBMZ4gB9DVvX/k+Zglsu61t9NgDG5rMpxrvt/rJTYwl/U4Si1MCUwTulVO i75LxLDngl/noXnLvW4bK7GkWYqI3fJQL38j5XyrOv8z53W3nx7g7vG4Zjii3Go7cLup PA+rD/8yq3x9HAn4bA6eGInqs80JW5mULV2413UMyfqfPrnx9bYNkqrBUOf3J+T0j8bm 0+BBG3wDzuNbMD9zKt1pS9pzheXmH9Zaml7qL1Yl+tsstFbf/oMf0491amjtgLt4yJ4r n1nA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:delivered-to; bh=C2QH21rYFyji23/usoVPGCedcTIerdvMk48QKh7/V64=; b=WfqrzFqHQFLUxqAfDVpNp+cs2j+08VQABJxfccuqLnCXdOx7Md+leowFD8TWCpWW8z C5zSDyYfOLRdtyAqB8wlSgNQA22Q9jIkTFMIWAVjoUKxn0uOBpwQJlnFd3Iic+rOQOMJ s59ReY281adSxLis59df9Olk9TIeXssHp1fouQEDTFVIpdyiLihu8cZ3RqAhlM+gyqFh T7lo0uZuN+9WXkbD9KFX+9qAbuaSYkFZzyhc499knncHhUM8v8Ssx1GkCdBiGBH0NLzo +bm8uijsYoi8z0Yg/z4qJaWYbddl0V9iwPgh+bkwp3ckpy3Gbh9/LLajAsGt9wWnBzEH sWVw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id f16-20020a056402355000b004853521ef69si30333649edd.258.2023.01.05.03.08.18; Thu, 05 Jan 2023 03:08:25 -0800 (PST) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 96CDE68BCEB; Thu, 5 Jan 2023 13:08:07 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail0.khirnov.net (red.khirnov.net [176.97.15.12]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 1A53D68BC58 for ; Thu, 5 Jan 2023 13:08:00 +0200 (EET) Received: from localhost (localhost [IPv6:::1]) by mail0.khirnov.net (Postfix) with ESMTP id D5B52240499 for ; Thu, 5 Jan 2023 12:07:59 +0100 (CET) Received: from mail0.khirnov.net ([IPv6:::1]) by localhost (mail0.khirnov.net [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id EZnbS5MMldSn for ; Thu, 5 Jan 2023 12:07:59 +0100 (CET) Received: from libav.khirnov.net (libav.khirnov.net [IPv6:2a00:c500:561:201::7]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "libav.khirnov.net", Issuer "smtp.khirnov.net SMTP CA" (verified OK)) by mail0.khirnov.net (Postfix) with ESMTPS id D8ABF2404F8 for ; Thu, 5 Jan 2023 12:07:58 +0100 (CET) Received: from libav.khirnov.net (libav.khirnov.net [IPv6:::1]) by libav.khirnov.net (Postfix) with ESMTP id A91693A034C for ; Thu, 5 Jan 2023 12:07:58 +0100 (CET) From: Anton Khirnov To: ffmpeg-devel@ffmpeg.org Date: Thu, 5 Jan 2023 12:07:56 +0100 Message-Id: <20230105110756.473-4-anton@khirnov.net> X-Mailer: git-send-email 2.35.1 In-Reply-To: <20230105110756.473-1-anton@khirnov.net> References: <20230105110756.473-1-anton@khirnov.net> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 4/4] lavc/decode: validate frames output by decoders X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: AWy7heRooGu+ Make sure no frames with invalid parameters will be seen by the caller. --- libavcodec/decode.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/libavcodec/decode.c b/libavcodec/decode.c index 56ba06d5d5..0abc88737b 100644 --- a/libavcodec/decode.c +++ b/libavcodec/decode.c @@ -667,6 +667,33 @@ static int apply_cropping(AVCodecContext *avctx, AVFrame *frame) AV_FRAME_CROP_UNALIGNED : 0); } +// make sure frames returned to the caller are valid +static int frame_validate(AVCodecContext *avctx, AVFrame *frame) +{ + if (!frame->buf[0] || frame->format < 0) + goto fail; + + switch (avctx->codec_type) { + case AVMEDIA_TYPE_VIDEO: + if (frame->width <= 0 || frame->height <= 0) + goto fail; + break; + case AVMEDIA_TYPE_AUDIO: + if (!av_channel_layout_check(&frame->ch_layout) || + frame->sample_rate <= 0) + goto fail; + + break; + default: av_assert0(0); + } + + return 0; +fail: + av_log(avctx, AV_LOG_ERROR, "An invalid frame was output by a decoder. " + "This is a bug, please report it.\n"); + return AVERROR_BUG; +} + int ff_decode_receive_frame(AVCodecContext *avctx, AVFrame *frame) { AVCodecInternal *avci = avctx->internal; @@ -683,6 +710,10 @@ int ff_decode_receive_frame(AVCodecContext *avctx, AVFrame *frame) return ret; } + ret = frame_validate(avctx, frame); + if (ret < 0) + goto fail; + if (avctx->codec_type == AVMEDIA_TYPE_VIDEO) { ret = apply_cropping(avctx, frame); if (ret < 0)