From patchwork Fri Jul 19 16:04:19 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Leo Izen <leo.izen@gmail.com>
X-Patchwork-Id: 50657
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:a742:0:b0:482:c625:d099 with SMTP id f2csp968129vqm;
        Fri, 19 Jul 2024 23:01:50 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCWcFwZf28p/CW2eSgqQMS8QZiNdUQoYShWOyxMyekR3qJJPpmUFHo2vc1gew+rwD+udVC3PPy9NBj3UfGdP4Ejer51Rlp2nRAiqFg==
X-Google-Smtp-Source: 
 AGHT+IGuUcPJhq7/9B069NiVB436WI9Ez4OLdNefbvpJbkDvBy0+5q9wDxI2w0HwAlyP2/qYUMV2
X-Received: by 2002:a05:6512:2309:b0:52e:7448:e137 with SMTP id
 2adb3069b0e04-52efb52387fmr362880e87.6.1721455310020;
        Fri, 19 Jul 2024 23:01:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1721455310; cv=none;
        d=google.com; s=arc-20160816;
        b=U9//Dl9Gz8hMBFvwZMimaO/5C/PI4jsPjaAFCeonZoh4LOr1+SyulXwBGLwZpNkTvd
         kCDcQ2eLlcR/9WoZ9stqE+cXMw9fsbPqKR7HN3hvhfnYrlSusRvz0Qcd/brCB7mAMEz0
         tvGyLZDebEe5f9DAlp/OpVPkrW7S8VGChuAkCguazI589Btubn42VvCdpJbAZJSChszN
         9ZRJ37R2MV6ShnLfa6C0VV7OUqLjyfMX+pXZo40vcgErPfVg3XW4mxTgB2RK4RncXJj8
         0m7kcqjJ1YOOzaHD949RaahJdQQjklre2bATsJT9UWMIar8zX4CTpOOzWWggPJpDQ7M3
         V0pw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:cc:reply-to
         :list-subscribe:list-help:list-post:list-archive:list-unsubscribe
         :list-id:precedence:subject:mime-version:message-id:date:to:from
         :dkim-signature:delivered-to;
        bh=8G+AhkHefHxm0qIfqK81rOgyal2jctuZQHJ/QEtmP3A=;
        fh=wbRw4dmpm5HLdLOi49E3B1xR6OR4JvuzzqZfDAQQ2R4=;
        b=z04x1Iml7AoJj340ax7qTo6cfdaTrs5NByCzdZWfaeWrRQZqItyVEWNO98vXXV9AbQ
         1pquHjXRY4zK4hCqnsOhxS5yFY3OXgS8YQSUb3QxT0Zz5xwNF2h/GD85Ut8/PpZfQrGY
         9gz0zZqgnxlgR5k2d+wBwzmpu4+LBXwtmzTYovnAqpHiWVff5dktvuBYE0Z/wjR/f5bn
         ULkEyhGMdh4dpGVUhwrQZn/+gtarD8BJtAGmDi1CR0A6SfGGhKpHlszgEGHZlYG33Tge
         SksbRmF1kEpLVXpUIzar25VtD6bYeBTmBLO2q1cprxltEz+CZfU4/MXdK2gcYNum3IwI
         8FCg==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20230601 header.b=nRAsLFKg;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=fail header.i=@gmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 2adb3069b0e04-52ef54f7957si760743e87.37.2024.07.19.23.01.49;
        Fri, 19 Jul 2024 23:01:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@gmail.com
 header.s=20230601 header.b=nRAsLFKg;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;
       dara=fail header.i=@gmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4B6C468D9B0;
	Fri, 19 Jul 2024 19:04:31 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from mail-qv1-f49.google.com (mail-qv1-f49.google.com
 [209.85.219.49])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id C69E568D720
 for <ffmpeg-devel@ffmpeg.org>; Fri, 19 Jul 2024 19:04:23 +0300 (EEST)
Received: by mail-qv1-f49.google.com with SMTP id
 6a1803df08f44-6b79575f3daso2208366d6.3
 for <ffmpeg-devel@ffmpeg.org>; Fri, 19 Jul 2024 09:04:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=20230601; t=1721405062; x=1722009862; darn=ffmpeg.org;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:from:to:cc:subject:date:message-id:reply-to;
 bh=Ymtvi7uQ8YmCHp87hoyKBlnbl8T44sV6UU+Cmjqvg1s=;
 b=nRAsLFKgNmgHFqKaqz2YY9Q1BgLBWJdzkKxt7wO9oqsg5ljr7GkiRl/gKZPayLdKpZ
 M4IRMAo/r9JI22gykB1JbDBO7bZw+xUYdn6TSNifxqgXqYnuwqeIWXAQ7CXHo2DZPJS8
 8IGfWYZmGtXNQS7Qc5Y/oTIrvXzZCqTNnw0cuwajyqmVrfk+bnlXm326YTZJmWbD+3nq
 qLXizzRShw2O3Alt2OPeIF+4Rg9xMwjEVBPkVBqYJHQcLgeouje0T3W7sMzhpJxs3Jsc
 wHQnghr45+OeMfOP3/z7Uce1eXiQ2p+7CcQHwCIivCGz5N0FOw66/tSNXxLuzF6AR2O9
 +QfA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1721405062; x=1722009862;
 h=content-transfer-encoding:mime-version:message-id:date:subject:cc
 :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
 :reply-to;
 bh=Ymtvi7uQ8YmCHp87hoyKBlnbl8T44sV6UU+Cmjqvg1s=;
 b=XMSn0avvBCfj/kvDAm6h4D7ZMewYnx1vhsmZDl+hBOaFQimVxTDTp8uPGA8Uf8hr2x
 L1Tiw02S6l8aCwDmjArqtj6umGmT+wbJp9/vZvRaGEsE+WLCLj4paSZI/iOmPNUlSfHP
 mHIoHEizB3xHeUAy8qHOdrCPNypZJPeWwzwL6fbwelHjttOoDVcpyWZMTwip9cy4OgMA
 M1kCUOL7dPXLaOU4vupYgExALMIanS67GyDBip2kNDjre68aYD6xnA7nc7Wj42PlQWhM
 kA5MZdZJkOn+8OpnekUuE74Fa8u5lZVIGbv2Jl3PeFWjFp4hu0YxuBK4RCqkzyTL6aYD
 5i0Q==
X-Gm-Message-State: AOJu0Yz9gmak1T2aWvfV7sVBR9tJFvyzd2gRuTXHeonHkUvqu3vZqJyX
 V2YF5/R/4wY3E7wor/tOAqC69U0LFL4ykRIrv312ZqSnzB05W6R0Tj0uLw==
X-Received: by 2002:a05:620a:40c2:b0:79f:726:e2d6 with SMTP id
 af79cd13be357-7a1a13c849fmr15740285a.5.1721405062205;
 Fri, 19 Jul 2024 09:04:22 -0700 (PDT)
Received: from gauss.local (c-68-56-149-176.hsd1.mi.comcast.net.
 [68.56.149.176]) by smtp.gmail.com with ESMTPSA id
 af79cd13be357-7a198fbe1basm100836985a.40.2024.07.19.09.04.21
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Fri, 19 Jul 2024 09:04:21 -0700 (PDT)
From: Leo Izen <leo.izen@gmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Fri, 19 Jul 2024 12:04:19 -0400
Message-ID: <20240719160420.169775-1-leo.izen@gmail.com>
X-Mailer: git-send-email 2.45.2
MIME-Version: 1.0
Subject: [FFmpeg-devel] [PATCH 1/2] avcodec/pngdec: use 8-bit sBIT cap for
 indexed PNGs per spec
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Ramiro Polla <ramiro.polla@gmail.com>, Leo Izen <leo.izen@gmail.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: CZfcc6Fa4K3F

The PNG specification[1] says that sBIT entries must be at most the bit
depth specified in IHDR, unless the PNG is indexed-color, in which case
sBIT must be between 1 and 8. We should not reject valid sBITs on PNGs
with indexed color.

[1]: https://www.w3.org/TR/png-3/#11sBIT

Regression since 84b454935fae2633a8a5dd075e22393f3e8f932f.

Signed-off-by: Leo Izen <leo.izen@gmail.com>
Reported-by: Ramiro Polla <ramiro.polla@gmail.com>
---
 libavcodec/pngdec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
index cb861e5f60..c5b32c166d 100644
--- a/libavcodec/pngdec.c
+++ b/libavcodec/pngdec.c
@@ -1097,7 +1097,7 @@ static int decode_sbit_chunk(AVCodecContext *avctx, PNGDecContext *s,
         bits = FFMAX(b, bits);
     }
 
-    if (bits < 0 || bits > s->bit_depth) {
+    if (bits <= 0 || bits > (s->color_type & PNG_COLOR_MASK_PALETTE ? 8 : s->bit_depth)) {
         av_log(avctx, AV_LOG_ERROR, "Invalid significant bits: %d\n", bits);
         return AVERROR_INVALIDDATA;
     }