| Message ID | 20240516231932.6950-4-michael@niedermayer.cc |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel,1/5] avcodec/rv34: assert that size is not 0 in rv34_gen_vlc_ext() | expand |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
Michael Niedermayer: > Fixes: CID1473562 Unchecked return value > Fixes: CID1473592 Unchecked return value > > Sponsored-by: Sovereign Tech Fund > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavcodec/sga.c | 10 ++++++++-- > 1 file changed, 8 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/sga.c b/libavcodec/sga.c > index 0f42cf912b2..aca941e057e 100644 > --- a/libavcodec/sga.c > +++ b/libavcodec/sga.c > @@ -254,11 +254,14 @@ static int decode_palmapdata(AVCodecContext *avctx) > const int bits = (s->nb_pal + 1) / 2; > GetByteContext *gb = &s->gb; > GetBitContext pm; > + int ret; > > bytestream2_seek(gb, s->palmapdata_offset, SEEK_SET); > if (bytestream2_get_bytes_left(gb) < s->palmapdata_size) > return AVERROR_INVALIDDATA; > - init_get_bits8(&pm, gb->buffer, s->palmapdata_size); > + ret = init_get_bits8(&pm, gb->buffer, s->palmapdata_size); > + if (ret < 0) > + return ret; > > for (int y = 0; y < s->tiles_h; y++) { > uint8_t *dst = s->palmapindex_data + y * s->tiles_w; > @@ -277,11 +280,14 @@ static int decode_tiledata(AVCodecContext *avctx) > SGAVideoContext *s = avctx->priv_data; > GetByteContext *gb = &s->gb; > GetBitContext tm; > + int ret; > > bytestream2_seek(gb, s->tiledata_offset, SEEK_SET); > if (bytestream2_get_bytes_left(gb) < s->tiledata_size) > return AVERROR_INVALIDDATA; > - init_get_bits8(&tm, gb->buffer, s->tiledata_size); > + ret = init_get_bits8(&tm, gb->buffer, s->tiledata_size); > + if (ret < 0) > + return ret; > > for (int n = 0; n < s->nb_tiles; n++) { > uint8_t *dst = s->tileindex_data + n * 64; Both of these can not fail and could be checked via av_assert1: palmapdata_size is given by (s->tiles_w * s->tiles_h * ((s->nb_pal + 1) / 2) + 7) / 8 with tiles_w and tiles_h being in the 0..255 range and nb_pal being in the 0..4 range. tiledata_size is given by s->nb_tiles * 32; nb_tiles fits in 16 bits (it is either read via AV_RB16 or is given as the product of tiles_h * tiles_w, both of which are read from simple uint8_t. - Andreas
On Fri, May 17, 2024 at 09:53:21AM +0200, Andreas Rheinhardt wrote: > Michael Niedermayer: > > Fixes: CID1473562 Unchecked return value > > Fixes: CID1473592 Unchecked return value > > > > Sponsored-by: Sovereign Tech Fund > > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > > --- > > libavcodec/sga.c | 10 ++++++++-- > > 1 file changed, 8 insertions(+), 2 deletions(-) > > > > diff --git a/libavcodec/sga.c b/libavcodec/sga.c > > index 0f42cf912b2..aca941e057e 100644 > > --- a/libavcodec/sga.c > > +++ b/libavcodec/sga.c > > @@ -254,11 +254,14 @@ static int decode_palmapdata(AVCodecContext *avctx) > > const int bits = (s->nb_pal + 1) / 2; > > GetByteContext *gb = &s->gb; > > GetBitContext pm; > > + int ret; > > > > bytestream2_seek(gb, s->palmapdata_offset, SEEK_SET); > > if (bytestream2_get_bytes_left(gb) < s->palmapdata_size) > > return AVERROR_INVALIDDATA; > > - init_get_bits8(&pm, gb->buffer, s->palmapdata_size); > > + ret = init_get_bits8(&pm, gb->buffer, s->palmapdata_size); > > + if (ret < 0) > > + return ret; > > > > for (int y = 0; y < s->tiles_h; y++) { > > uint8_t *dst = s->palmapindex_data + y * s->tiles_w; > > @@ -277,11 +280,14 @@ static int decode_tiledata(AVCodecContext *avctx) > > SGAVideoContext *s = avctx->priv_data; > > GetByteContext *gb = &s->gb; > > GetBitContext tm; > > + int ret; > > > > bytestream2_seek(gb, s->tiledata_offset, SEEK_SET); > > if (bytestream2_get_bytes_left(gb) < s->tiledata_size) > > return AVERROR_INVALIDDATA; > > - init_get_bits8(&tm, gb->buffer, s->tiledata_size); > > + ret = init_get_bits8(&tm, gb->buffer, s->tiledata_size); > > + if (ret < 0) > > + return ret; > > > > for (int n = 0; n < s->nb_tiles; n++) { > > uint8_t *dst = s->tileindex_data + n * 64; > > Both of these can not fail and could be checked via av_assert1: > palmapdata_size is given by (s->tiles_w * s->tiles_h * ((s->nb_pal + 1) > / 2) + 7) / 8 with tiles_w and tiles_h being in the 0..255 range and > nb_pal being in the 0..4 range. > tiledata_size is given by s->nb_tiles * 32; nb_tiles fits in 16 bits (it > is either read via AV_RB16 or is given as the product of tiles_h * > tiles_w, both of which are read from simple uint8_t. ill use av_assert1() thx [...]
diff --git a/libavcodec/sga.c b/libavcodec/sga.c index 0f42cf912b2..aca941e057e 100644 --- a/libavcodec/sga.c +++ b/libavcodec/sga.c @@ -254,11 +254,14 @@ static int decode_palmapdata(AVCodecContext *avctx) const int bits = (s->nb_pal + 1) / 2; GetByteContext *gb = &s->gb; GetBitContext pm; + int ret; bytestream2_seek(gb, s->palmapdata_offset, SEEK_SET); if (bytestream2_get_bytes_left(gb) < s->palmapdata_size) return AVERROR_INVALIDDATA; - init_get_bits8(&pm, gb->buffer, s->palmapdata_size); + ret = init_get_bits8(&pm, gb->buffer, s->palmapdata_size); + if (ret < 0) + return ret; for (int y = 0; y < s->tiles_h; y++) { uint8_t *dst = s->palmapindex_data + y * s->tiles_w; @@ -277,11 +280,14 @@ static int decode_tiledata(AVCodecContext *avctx) SGAVideoContext *s = avctx->priv_data; GetByteContext *gb = &s->gb; GetBitContext tm; + int ret; bytestream2_seek(gb, s->tiledata_offset, SEEK_SET); if (bytestream2_get_bytes_left(gb) < s->tiledata_size) return AVERROR_INVALIDDATA; - init_get_bits8(&tm, gb->buffer, s->tiledata_size); + ret = init_get_bits8(&tm, gb->buffer, s->tiledata_size); + if (ret < 0) + return ret; for (int n = 0; n < s->nb_tiles; n++) { uint8_t *dst = s->tileindex_data + n * 64;
Fixes: CID1473562 Unchecked return value Fixes: CID1473592 Unchecked return value Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavcodec/sga.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-)