From patchwork Mon Jul 8 17:24:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 50413 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a59:cc64:0:b0:482:c625:d099 with SMTP id k4csp5929054vqv; Mon, 8 Jul 2024 10:24:52 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWAK0GgSwmw4WCRvxPi6aLzlPLGjGliW/cdaeqqFtN2q4bGNaIaUAYSxru7s8ZoOBZD5FBT5J4ovBt1Mx9HNKRS4ax9byhtWn5yiw== X-Google-Smtp-Source: AGHT+IFyLGtjD1hOMaK7M4QgZDvMlnugf1xZXgCCyhWxbgoN+ZPQKoDC+1pR+3XAAjpHXvlAIMGE X-Received: by 2002:a17:906:d195:b0:a72:b4c9:2be8 with SMTP id a640c23a62f3a-a780b89f634mr12641066b.72.1720459491983; Mon, 08 Jul 2024 10:24:51 -0700 (PDT) Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id a640c23a62f3a-a780ab2c994si11554066b.802.2024.07.08.10.24.51; Mon, 08 Jul 2024 10:24:51 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@outlook.com header.s=selector1 header.b=pvIvAD0D; arc=fail (body hash mismatch); spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 9EF3E68DC88; Mon, 8 Jul 2024 20:24:48 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from EUR02-AM0-obe.outbound.protection.outlook.com (mail-am0eur02olkn2082.outbound.protection.outlook.com [40.92.49.82]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4AE1068DC5E for ; Mon, 8 Jul 2024 20:24:42 +0300 (EEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VyhIUhPuirq1XPwYXf9QZ7HDnyilk+OYTVWJOqIkk2/qK8BBAOrPBBabS21XuLOSaqhhv/Ll6jJG+BOoXZpu4jDTKjNxelqKkzoCFwGmiEtcDAdgR4JuX7r2M7YVtFasJyZkT3Gjm+OOuP9hvwUEkHtLZb1iuMXZUBTghKFkrEudGYt/YEjR+Q1LRl6Xhu2pJMw7JDxU6KmWwWSWFriWEkvg8RzLMtv+aK4yDaLXtxJHUmgPE7kJMxFxphPfjkvThzD+VE4lD4fbwo1m6K+UJQeWEubkt1hBCGC97L8LTSQWP+ALEodW+UUNVcFh/4GIzFo7jtiIBKq/cLNeHfBLrA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JP5U+cdnmExM4v8SDnTQchbkwQM+kqcNBpIbU3pWjhY=; b=OgZQBvVNhf2pNet0gXINM2/oLmITiqaqygPMtdRXcDKwyoF5pBlYHWaEVF/L22qI1gQMKQgqcRAijN+so0zrZq/voBSZqydd44MFKn1waXGbE9IRRFu1kQonNgS9ib2aSiFstb5pe4IPMKnrktBX9iwgbzVLxESnlcCQZjWR6yCH08LrfbeDXJ/btpNll+NPZcWk2eEUkqalLAvlK8kl3xN4HihCYfkN/2aYADd3K5Z04g/bQ+p64OAbEKxOs3xzljjX11Wvza6bnzkrd9V9W4fAuI92s6BDzqQecp0zF2mLqEkC/8w5B5/raa7M30hkeV+1AMBEXWb1O/14Kjf4Zg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JP5U+cdnmExM4v8SDnTQchbkwQM+kqcNBpIbU3pWjhY=; b=pvIvAD0DYzYq1Fht2EVdbINWmEuFovroajIzehbNj6lVjO+p6s5D0TbB1N+JsqDoYvlKC2rCpTjFrF+ZVBnsB7SofX1VdABuOqUHDPiOkLIjuY0+j6UidG+sjVdR8YGS/8BfxjTr1e5TVPhI3kBxx9gK3tmd4U3WOdhZmtg+q2sOzLW5ruwrncM+eTqcuPSk8w/0IRW4yxYOyQo3WQlFH7x3sEZloikBZacPd9u56IZJSE7jrm3m2I1VxBwQToYy0QaULsgJeHudWeMRipNLHY39PrwuayCRW8bsbuQeX3WO//f+55Y2znDkxCXjHdL0rpKJ64hjnrjHFch0bnt1fQ== Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) by AS4P250MB0558.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:4ba::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7741.35; Mon, 8 Jul 2024 17:24:40 +0000 Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::384d:40d4:ecb7:1c9]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::384d:40d4:ecb7:1c9%4]) with mapi id 15.20.7741.033; Mon, 8 Jul 2024 17:24:33 +0000 From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Mon, 8 Jul 2024 19:24:26 +0200 Message-ID: X-Mailer: git-send-email 2.40.1 In-Reply-To: References: X-TMN: [I/gCPUumx5YNarSo7cczZaPHhzzYQr+x0RLcGWti/Ow=] X-ClientProxiedBy: FR0P281CA0081.DEUP281.PROD.OUTLOOK.COM (2603:10a6:d10:1e::7) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) X-Microsoft-Original-Message-ID: <20240708172426.729003-1-andreas.rheinhardt@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|AS4P250MB0558:EE_ X-MS-Office365-Filtering-Correlation-Id: a0c59b33-4178-41a4-cdf9-08dc9f72d570 X-Microsoft-Antispam: BCL:0; ARA:14566002|8060799006|19110799003|461199028|440099028|3412199025|1710799026; X-Microsoft-Antispam-Message-Info: jHfrE4Kbizh8SAFl2dV5Pen3pEEQP72IKW4WVxYmGLWvAvflOEUTyG8FXg56h9SSI9sKn31CktWnMLrZdMpkCwBXUEgXnoIrkiCzof4df8QCHdGda8/B7LfEgpm7rE2yT7yo/Y+0SDJgjHnxc52inlug38D1x2kSXUTN184aEGXJXfTPe04vsZaWpDTT/YVLEqSVVmBJS/g1RRuKYCXRcf9Ax55GefVfqQUO4Pp72+H+SW5F/xB5P3ixAvfYysf9hEgo8o/83G7574uSNt6Chn7SI+HAcnZr4YnVGb1n25+C57EchoVNActduDM+cudCJ06VcuBnsaGEAoXEVpSAatHgGv4Qd4fP3pPJCbRgxcnh81CnJ2XbkZaMtc7iwxBmovku270R0Wxnsh/Xv8rmwc+QNdo+LXG1wmpypo0v9Ktce8ijBK2fQRnKaePHETzoUp9f/T+B3W3F1Cd/CJIREQJCxfWNSKAom49MWEnfRaN4i4YBfThXbMsMaRv2TalpQkwWqILXRRyBoEcOhcGUXiuRtRrL0seenee9sf73DiErHzRqLYbEHKntPgARJIJIluKBWwvv/Qw+f/Rl0W/fuha9ez21r76WG5CBaBaxH06eY0Q920nf3O3480Du0/CzsrF9PcGTPFT9A5GZgN27rgjGEIkptVA7IKT3wJE3DYMvJ3W7AB6dGbt98GAZONF3 X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 6DVfOloPAeZB5tLp2sCQWmawuy3CY4e370T8rKKYnY5k0PAskfSOCs1o5oemT/OiqvOUMKPCJyFmfxggTraoD5bKwLP07ch2L3e57O3s55gnKjt7915m4DYm5tJkl1qiQU6Eizs1rz9DVZZ47X//txkDYHB3gNdTwYF2Q6XkIobD9UCaDIkMKoFVUe1NiHRYOiQYtaBGW53VkLdeAYKkjJPmuq31kq40Ra6tJGRsVwRf134wkbg5OFDwJ+TEaHbJUxo9GHRT57twYz69GwIpiDDmLSMOyvrokHAzOnjiHRa4Uf2Ac/0fx2nrDx2mRkYoDE3msJbQgnWMIGKNr0240mWF96AgAEK6P/mlb7Dy0/j/76N1QziqlLR6689AfGAJ1w6oEIvS0TLlBijDuiYd6hoNtyNmDygwdIdtVcGqL5jHn+9+/HW1DnTkIJwEE3mzYunkAVkPHpZ2tkctoLRK1T5VaUKmGl+P7EtQQqO2DdsMuh9crMY/X4Tog5Haty1ZUz41stxbTxTaj4kdHxXzgepYfkKGHjt6PmoQSodBR1IKWiJyt1tL8rZWCe3qdrzmo3zNGN3BaY+LdW3btzNw4tqMi9wKeRKbEQilnxlrBcM0pz83yDJ8tLiN0Q7OJ2pn4wqnp2JnAhHuI45BGKxq2UcIzBOvufsiTgqYN6AYUZQt+QCHTih7sANe8qf2xtdTNJupjmCZdttwQk1Ey+cdH4awKjNQYC3Qpfkd7ndDgvzfELwv8PtZ9+DLYLk3hO9bVBSaw5I4rsA1DqNdA0nP4c5uj5CZ/k7ka0U6uMLAVHjiAxqBSXX0S67srR7cOhpz1julGV8gdeJhpaXvzXlCNMZLNVBRyLxACrsoO1ivwRj36Bus3OwJHtBivJq/TJkmRlZPD/DKZntLOcCqAGsV+tL6X03S2RuFsRTkkYc6odzTTEkbn98nNOWoSZRcA7Z7r+hHS/pnw+nehZN1Y0N8vnqdwtwLMoTXRJLgTE8xGknuRPaf/ry6oOzUU5dwwQ8YM7209VJLt0WikBfDyE7qAe9xH3F7kTl8xOT9Gic310oCFQ3FtTg15wcm04CdgZGXuSPNi/Bv1EG1ozaUpkuSSLONIEpxRIG38HTRdqUoNTheo3nVFoyBp9astQ/dz7YJTBTmxHiahWC6UIkD/bXunB6P3Mto99dZ8w8d6O52KSUR/LdQNcxF+lpzh+LcJbxJJ1+ALZLErxB+mHcbJPgBHfp27kvEo1U6mafbkf9c2CyXkrSur2LIzLOin8bixwEmrt6KcqDZHLqqPt4fWNTljg== X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: a0c59b33-4178-41a4-cdf9-08dc9f72d570 X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 08 Jul 2024 17:24:33.7706 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4P250MB0558 Subject: [FFmpeg-devel] [PATCH 2/2] avformat/matroskaenc: Fix and simplify check for invalid crop values X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: UcaM/KpltH5z The check "left >= INT_MAX - right" is supposed to check for whether left + right does not overflow/wraparound, but given that left and top are uint32_t INT_MAX - right can already wraparound for big values of right (and ordinary 32-bit ints): If right == UINT32_MAX, INT_MAX - right is INT_MAX + 1; for left in 0..par->width both checks will be passed. Fix this and simplify the check by using 64-bit types, where the addition is guaranteed not to overflow. Signed-off-by: Andreas Rheinhardt --- libavformat/matroskaenc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/libavformat/matroskaenc.c b/libavformat/matroskaenc.c index e1adc0eba6..4b91283119 100644 --- a/libavformat/matroskaenc.c +++ b/libavformat/matroskaenc.c @@ -1786,16 +1786,14 @@ static int mkv_write_track_video(AVFormatContext *s, MatroskaMuxContext *mkv, st->codecpar->nb_coded_side_data, AV_PKT_DATA_FRAME_CROPPING); if (sd && sd->size == sizeof(uint32_t) * 4) { - uint32_t top, bottom, left, right; + uint64_t top, bottom, left, right; top = AV_RL32(sd->data + 0); bottom = AV_RL32(sd->data + 4); left = AV_RL32(sd->data + 8); right = AV_RL32(sd->data + 12); - if (left >= INT_MAX - right || - top >= INT_MAX - bottom || - (left + right) >= par->width || + if ((left + right) >= par->width || (top + bottom) >= par->height) { av_log(s, AV_LOG_ERROR, "Invalid cropping dimensions in stream side data\n"); return AVERROR(EINVAL);