From patchwork Tue Feb 1 13:07:05 2022
X-Patchwork-Submitter: Andreas Rheinhardt
X-Patchwork-Id: 34037
From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Date: Tue, 1 Feb 2022 14:07:05 +0100
X-Mailer: git-send-email 2.32.0
X-Microsoft-Original-Message-ID: <20220201130706.1420875-67-andreas.rheinhardt@outlook.com>
Subject: [FFmpeg-devel] [PATCH v2 68/69] avcodec/mpegvideo_dec: Remove potentially UB always-true checks
List-Id: FFmpeg development discussions and patches
Cc: Andreas Rheinhardt

ff_mpeg_update_thread_context() currently checks for whether the source (current|last|next)_picture_ptr points into the src context's picture array by performing a pointer comparison. Yet pointer comparisons are only legal when the pointers point into the same array object (or one past the last element); otherwise they are undefined behaviour that happens to work (at least with a flat address space).

In this case this code is moreover a remnant of the time when the H.264 decoder used H.264 (see the commit message of d9df93efbf59b1dc8b013d174ca4ad9c634c28f7); the current decoders never set these pointers to anything outside of the picture array (except NULL). So remove these checks.

Signed-off-by: Andreas Rheinhardt
--- libavcodec/mpegvideo.h | 3 +++ libavcodec/mpegvideo_dec.c | 7 ++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/libavcodec/mpegvideo.h b/libavcodec/mpegvideo.h index a65c23f1d1..af1d9af2bd 100644 --- a/libavcodec/mpegvideo.h +++ b/libavcodec/mpegvideo.h 
@@ -142,6 +142,9 @@ typedef struct MPVContext { */ Picture current_picture; ///< buffer to store the decompressed current picture + /* The following three pointers must be either NULL or point + * to a picture in the main picture buffer (i.e. picture) + * for users of mpegvideodec. */ Picture *last_picture_ptr; ///< pointer to the previous picture. Picture *next_picture_ptr; ///< pointer to the next picture (for bidir pred) Picture *current_picture_ptr; ///< pointer to the current picture diff --git a/libavcodec/mpegvideo_dec.c b/libavcodec/mpegvideo_dec.c index 8927a0a21b..137b47efa7 100644 --- a/libavcodec/mpegvideo_dec.c +++ b/libavcodec/mpegvideo_dec.c @@ -74,6 +74,9 @@ int ff_mpeg_update_thread_context(AVCodecContext *dst, s->avctx = dst; s->parent_ctx = m; s->private_ctx = private_ctx; + s->current_picture_ptr = NULL; + s->next_picture_ptr = NULL; + s->last_picture_ptr = NULL; s->bitstream_buffer = NULL; s->bitstream_buffer_size = s->allocated_bitstream_buffer_size = 0; @@ -133,9 +136,7 @@ do {\ UPDATE_PICTURE(next_picture); #define REBASE_PICTURE(pic, new_ctx, old_ctx) \ - ((pic && pic >= old_ctx->picture && \ - pic < old_ctx->picture + MAX_PICTURE_COUNT) ? \ - &new_ctx->picture[pic - old_ctx->picture] : NULL) + ((pic) ? &(new_ctx)->picture[(pic) - (old_ctx)->picture] : NULL) s->last_picture_ptr = REBASE_PICTURE(s1->last_picture_ptr, s, s1); s->current_picture_ptr = REBASE_PICTURE(s1->current_picture_ptr, s, s1);
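
Review bot: in the mpegvideo.h hunk, the new comment refers to "the following three pointers" without naming them, so a member added later next to last_picture_ptr, next_picture_ptr and current_picture_ptr would silently fall inside or outside its scope. Naming the three members in the comment would keep the invariant unambiguous, and "(i.e. picture)" would read more clearly if it said that the array meant is the picture member of the same context, since REBASE_PICTURE in mpegvideo_dec.c now depends on exactly that.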
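
Review bot: the three NULL assignments added after s->private_ctx = private_ctx in ff_mpeg_update_thread_context() are not explained anywhere; the subject and commit message only speak of removing checks. Please add a sentence to the commit message or a short comment at this spot saying why current_picture_ptr, next_picture_ptr and last_picture_ptr have to be reset here, so that a later reader does not take the lines for redundant and drop them.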
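
Review bot: in the REBASE_PICTURE hunk, the new macro computes (pic) - (old_ctx)->picture for every non-NULL pic, and that subtraction is, like the removed comparisons, only defined when pic points into old_ctx->picture. Where the old form returned NULL for a stray pointer, the new one yields an address outside new_ctx->picture, so correctness rests entirely on the invariant documented in mpegvideo.h. A comment at the macro pointing to that invariant would help, and a debug-only assertion at the places where the three pointers are assigned (where the array index is known without comparing unrelated pointers) would make a future violation fail loudly instead of producing an out-of-bounds Picture pointer.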