From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Anton Khirnov
Date: Mon, 24 Jan 2022 15:45:47 +0100
Subject: [FFmpeg-devel] [PATCH v2 02/31] lavu/fifo: disallow overly large fifo sizes

From: Anton Khirnov

The API currently allows creating FIFOs up to
- UINT_MAX: av_fifo_alloc(), av_fifo_realloc(), av_fifo_grow()
- SIZE_MAX: av_fifo_alloc_array()
However the usable limit is determined by
- rndx/wndx being uint32_t
- av_fifo_[size,space] returning int
so no FIFO should be larger than the smallest of
- INT_MAX
- UINT32_MAX
- SIZE_MAX
(which should be INT_MAX on all commonly used platforms).
Return an error on trying to allocate FIFOs larger than this limit.
--- libavutil/fifo.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/libavutil/fifo.c b/libavutil/fifo.c index e1f2175530..55621f0dca 100644 --- a/libavutil/fifo.c +++ b/libavutil/fifo.c @@ -20,14 +20,23 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include + #include "avassert.h" #include "common.h" #include "fifo.h" +#define OLD_FIFO_SIZE_MAX (size_t)FFMIN3(INT_MAX, UINT32_MAX, SIZE_MAX) + AVFifoBuffer *av_fifo_alloc_array(size_t nmemb, size_t size) { AVFifoBuffer *f; - void *buffer = av_realloc_array(NULL, nmemb, size); + void *buffer; + + if (nmemb > OLD_FIFO_SIZE_MAX / size) + return NULL; + + buffer = av_realloc_array(NULL, nmemb, size); if (!buffer) return NULL; f = av_mallocz(sizeof(AVFifoBuffer)); @@ -82,6 +91,9 @@ int av_fifo_realloc2(AVFifoBuffer *f, unsigned int new_size) { unsigned int old_size = f->end - f->buffer; + if (new_size > OLD_FIFO_SIZE_MAX) + return AVERROR(EINVAL); + if (old_size < new_size) { size_t offset_r = f->rptr - f->buffer; size_t offset_w = f->wptr - f->buffer;
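
Review bot: Division by zero is reachable in the first hunk's new guard in av_fifo_alloc_array(): `if (nmemb > OLD_FIFO_SIZE_MAX / size)` divides by the caller-supplied size before anything rejects size == 0. Suggest testing size first (for example returning NULL when it is 0) and only then dividing. Separately, the body of OLD_FIFO_SIZE_MAX is a bare cast expression; wrapping the whole replacement text in parentheses keeps the macro safe when it is used inside a larger expression.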
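
Review bot: The new AVERROR(EINVAL) return in av_fifo_realloc2() (second hunk, `if (new_size > OLD_FIFO_SIZE_MAX)`) is undocumented: the diffstat shows only libavutil/fifo.c changing, so callers get no statement of the size limit or of the new failure mode. Suggest documenting the limit and the error code where av_fifo_realloc2() is declared. The commit message also names av_fifo_alloc() and av_fifo_grow(), while the visible hunks guard only av_fifo_alloc_array() and av_fifo_realloc2(); a sentence confirming that the other entry points reach these checks would make the coverage explicit.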