From patchwork Sun May 12 00:03:45 2024
X-Patchwork-Submitter: Michael Niedermayer
X-Patchwork-Id: 48795
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 12 May 2024 02:03:45 +0200
Message-ID: <20240512000349.3381912-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 1/5] avcodec/lpc: copy levenson coeffs only when they have been computed

Fixes: CID1473514 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
---
 libavcodec/lpc.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libavcodec/lpc.c b/libavcodec/lpc.c index 8305cc0596a..981dacce8a5 100644 --- a/libavcodec/lpc.c +++ b/libavcodec/lpc.c
@@ -282,8 +282,9 @@ int ff_lpc_calc_coefs(LPCContext *s, double av_uninit(weight); memset(var, 0, FFALIGN(MAX_LPC_ORDER+1,4)*sizeof(*var)); - for(j=0; j 1) + for(j=0; j X-Patchwork-Id: 48796 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:1706:b0:1af:cdee:28c5 with SMTP id nv6csp348020pzb; Sat, 11 May 2024 17:04:13 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCU4YgsqO5Yromh4y+fiESsZEiNf7CEoNMMfkuYVKXVydp7vGQlRcBIeYq3/nzRkUOhU+cB4PNJz2mp9YS8Xj5OsjQ+OmBs2qOPxxw== X-Google-Smtp-Source: AGHT+IHxcjhR/61kzwZoPr1Fsfwrq94ZIyy98gn0xXGer7eGLYyNL1Vl2rKiPldWfxJwXSMP660q X-Received: by 2002:a50:baeb:0:b0:56e:2ebc:5c4 with SMTP id 4fb4d7f45d1cf-5734d5ceae0mr4269842a12.20.1715472252777; Sat, 11 May 2024 17:04:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1715472252; cv=none; d=google.com; s=arc-20160816; b=s5C9q6Ysxi2BxqCWvVx6uJLlyQSIf4fjCbWo6mDOSfmv/5kjvissBWQGDaH3Ko0RpH 7STVxoe9fRFW85R1jQcwvNO28mOe7SwvXEmj6kWiDaTVlHkEv4w4UcLTwVkFXGrI3FIv cXZeZfmCeqSbMeuF3JZVF+2LQrdBxIIUJWRy4gTf8aslIc6bzp8W/W5P8VC7Jv2ZMf84 pqHfsi6lIInIlremvWxJ5jL+eNcAcuU/tR3jBTDCsAV1iebcpfGdaL+dofUvUKsX1ojG sSMeJgqk8Mj8Wh/Ca3jMvM5l3qF0/6AkOKnJ5bZJmtEN6nkbit6nLO6ulWDNO+zrRpXq MGtQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=50BOxypMfcFg95aj8sAbzYXuDazY7ACls1itC8IzfEU=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=bGeCGF9ELq253pvlah+B6EVxopoCAyhn6jWQiO/DeQzCRGSLBzSGOJ/sqAzbFV4gB5 RZWSLvu+MGLchOn3QqmseE7ryguWrmYPetJ0gEFJJm7qfp67UzJKiFu1rKu1QK10LM+H 6iClLAYZqbFl/HpHU4tU7Aqwsx9m53uFXu71wr1lwTyVjrNVQeQS9wqUN3bcjaRpj34j fXMYOZ0ugVo9388stNiqK/2omLyGIVe634Aw8poprOFJzX17gIefa1vqXkgErIc9Kx/V TCoVtkRbtBqLxyOqYqRWKE7SGstiDKfe2gv5nI+aZ+NzEPBOYPzwwMYT5s+aZKNUUB7Q Y2gQ==; dara=google.com ARC-Authentication-Results: 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 12 May 2024 02:03:46 +0200
Message-ID: <20240512000349.3381912-2-michael@niedermayer.cc>
In-Reply-To: <20240512000349.3381912-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 2/5] avcodec/mpeg12dec: Use 64bit in bit computation

I don't think this can actually overflow but 64bit seems reasonable to use

Fixes: CID1521983 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
---
 libavcodec/mpeg12dec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c index 21a214ef5b7..e257889d034 100644 --- a/libavcodec/mpeg12dec.c +++ b/libavcodec/mpeg12dec.c
@@ -2734,7 +2734,7 @@ static int ipu_decode_frame(AVCodecContext *avctx, AVFrame *frame, int ret; // Check for minimal intra MB size (considering mb header, luma & chroma dc VLC, ac EOB VLC) - if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2 + 3*4 + 2*2 + 2*6)) + if (avpkt->size*8LL < (avctx->width+15)/16 * ((avctx->height+15)/16) * (2LL + 3*4 + 2*2 + 2*6)) return AVERROR_INVALIDDATA; ret = ff_get_buffer(avctx, frame, 0); From patchwork Sun May 12 00:03:47 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 48797 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:1706:b0:1af:cdee:28c5 with SMTP id nv6csp348057pzb; Sat, 11 May 2024 17:04:22 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCUWmSVW7l9PHCsj91/8lyArrcWwjF+TrElIjToLHNIhUAoQ6we9RRh1NHy0NdeAla9zu6rn/wW6qMNqo3sYHtD4jfmjwDqFcgY1og== X-Google-Smtp-Source: AGHT+IGS5MHPiohj54ye9zyrPHsEzBbg6fdZQP7KQ6Uqg16p9ViF4fJmFYhgUaUadYheU3CwSfzq X-Received: by 2002:a17:906:3a8d:b0:a59:be8a:bd6f with SMTP id a640c23a62f3a-a5a2d65f272mr384407266b.61.1715472261727; Sat, 11 May 2024 17:04:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1715472261; cv=none; d=google.com; s=arc-20160816; b=bgY1YXXqYRU3Nx51xFXM6/RADXp3DRoe6OLuxFtpeb/kMzgXhWwgGnTJZy+1rKKkYo w+eJ3B62OIYSlf6muIi7RTZdXgu125ZGQjj2WuFZdoSIYPhR08wqMVMt+ixX8+q9lhEZ i1NO2vIWWn+rgs+5kubYdnsJXxCXsdeuu00OHrXbiL0n9a1wUjg2uYtacsPfEzmIGbPq pvqo0SZC3KF4xdekHlUEeo0kjb9l9Mt3mqNNfPLFhEyeyEb8lgxZwnv1EcHH1yB6GIdA hI2pNvNT7gTGTUkLR/39g0tTvCYjxQrEilIiml53s1LA1+dTD/M/CvJe58D6ofmW4zw8 gEmQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 12 May 2024 02:03:47 +0200
Message-ID: <20240512000349.3381912-3-michael@niedermayer.cc>
In-Reply-To: <20240512000349.3381912-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 3/5] avcodec/mpeg4videodec: assert impossible wrap points

Helps: CID1473517 Uninitialized scalar variable
Helps: CID1473497 Uninitialized scalar variable
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
---
 libavcodec/mpeg4videodec.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/libavcodec/mpeg4videodec.c b/libavcodec/mpeg4videodec.c index 6a7a37e8171..df1e22207db 100644 --- a/libavcodec/mpeg4videodec.c +++ b/libavcodec/mpeg4videodec.c
@@ -597,6 +597,8 @@ static int mpeg4_decode_sprite_trajectory(Mpeg4DecContext *ctx, GetBitContext *g ctx->sprite_shift[0] = alpha + beta + rho - min_ab; ctx->sprite_shift[1] = alpha + beta + rho - min_ab + 2; break; + default: + av_assert0(0); } /* try to simplify the situation */ if (sprite_delta[0][0] == a << ctx->sprite_shift[0] && From patchwork Sun May 12 00:03:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 48798 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:1706:b0:1af:cdee:28c5 with SMTP id nv6csp348101pzb; Sat, 11 May 2024 17:04:31 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCU1tAxkAzWKmADUPtEjAE4W/GvQ8lqEMpSjMASHIF188ukfbmNVq9CPWMiYieZbaSo31DlgYYq2BJLHLa7vCaWzz5t0bnjkukuh3Q== X-Google-Smtp-Source: AGHT+IHCo4tFvm9UlbYT5VdKFwiLPJQjeU6wDtqfHxMoGbtMop4PZLWGhORyMQ0tMagWAolHf40/ X-Received: by 2002:a17:906:a0c7:b0:a5a:580f:8e74 with SMTP id a640c23a62f3a-a5a580f9031mr65851766b.5.1715472270944; Sat, 11 May 2024 17:04:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1715472270; cv=none; d=google.com; s=arc-20160816; b=z5bRmxFglL7cu4wAwH9KeYlfhgEv9eUVXjmiXUdB0gvgKNEiZYIIyZC7siMQC3eccd EiFeR8H7I6ecAuylc0VQbRkanYDt9OagQa+AQiuJceUOfvbNRA/fIaQf9fllzVVALwk5 fhpAOXqsvKlUcopqixLOz9ieypeir6JlyzYxLMRsvk1sNH5F/jd5uSqZMOQ6CJDuNWZF gctgq3Zu0T4EuEtH8fIVkJob9E1nuEvAavyFb1hlWbmtFxBCXwE2EETZLCOnGpLgLBZU WcvQ4c5Q5eloZQHlZfLNCRc5pc13pXD9Rl2yKQndjgJp1AFM1sMQtQdo0d58x/aWm9IK oWkA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=MWyQJXDox4R2jFGi1p1R0UNaYxxHQWChrppUZ5IsJHA=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 12 May 2024 02:03:48 +0200
Message-ID: <20240512000349.3381912-4-michael@niedermayer.cc>
In-Reply-To: <20240512000349.3381912-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 4/5] avcodec/mpegvideo_enc: Fix potential overflow in RD

Fixes: CID1500285 Unintentional integer overflow
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
---
 libavcodec/mpegvideo_enc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/mpegvideo_enc.c b/libavcodec/mpegvideo_enc.c index b601a1a9e40..73a9082265b 100644 --- a/libavcodec/mpegvideo_enc.c +++ b/libavcodec/mpegvideo_enc.c
@@ -1433,7 +1433,7 @@ static int estimate_best_b_count(MpegEncContext *s) goto fail; } - rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); + rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); } /* get the delayed frames */ 
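Review bot: In this first estimate_best_b_count hunk, casting `lambda2` to `uint64_t` also converts `out_size` to unsigned for the multiplication, so the result is only correct while `out_size` is non-negative. The `goto fail` context just above the changed line suggests the error case has already left by this point, but if `out_size` is a signed int, as `ret = out_size` in the next hunk suggests, `(int64_t)lambda2` would give the same widening without depending on that ordering. The same applies to the identical line in the second hunk.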
@@ -1442,7 +1442,7 @@ static int estimate_best_b_count(MpegEncContext *s) ret = out_size; goto fail; } - rd += (out_size * lambda2) >> (FF_LAMBDA_SHIFT - 3); + rd += (out_size * (uint64_t)lambda2) >> (FF_LAMBDA_SHIFT - 3); rd += c->error[0] + c->error[1] + c->error[2]; From patchwork Sun May 12 00:03:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Niedermayer X-Patchwork-Id: 48799 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6a21:1706:b0:1af:cdee:28c5 with SMTP id nv6csp348168pzb; Sat, 11 May 2024 17:04:41 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWqCt0Nks8zy72MQ/lDcnjvPsJUUsXXqfRf29j3nb+UbY4q6KE3Z3kaBHqu9eBciZGrZ0UCs4BoTxO3CG9QMV3f+sGFLOutOXESyA== X-Google-Smtp-Source: AGHT+IG8gM0hwFbIPCk9zmA445cTEGgqKAPOZovOnVbMdw2uyEEdLz9sSjfXmiSxmkoTHtF1Nk0h X-Received: by 2002:a17:906:17c5:b0:a59:c9ad:bd26 with SMTP id a640c23a62f3a-a5a2d54c601mr383180366b.12.1715472281357; Sat, 11 May 2024 17:04:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1715472281; cv=none; d=google.com; s=arc-20160816; b=UN9ZoGRAZrLFRhp68FWOUQe56UtFXsV8apEpsfEaMXQrRUGlLHZrs3PMMIFnnaqEEA HsbXQTUEVGQYYLORB/evi/G+JMmL1o9zjvQrP4q93kZC+RkVpQHSkeudKKJmbCEeDIcJ /i+uSzUHiZ6cpRMPCbLWfjsXSZvaTsgvbgjO+5Uj/KEo9ztM5lpSiWVx2Bq1yZ4SYyCy n4WjmXBodvWsyDc7W8qeskvLO+/9Mqeav/CL1smKgkdJK7dyViWlbw4r/7k7xjc6VTT0 6v7DFD/gUm6ei8/bFWHxDv7K4uaU5cBt4wAnWUUYTyHt3XReR53D/XWAkATyOkJWY/tI sKPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:mime-version:references:in-reply-to:message-id :date:to:from:dkim-signature:delivered-to; bh=qyHMnz7u5ZUdhYLQdqfW+UfVk4G2MFGJy50gcdyHnqc=; fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=; b=Nplhp4lTg0CzoMIf655szs6qEsdy/Ae/qEP70OSB4pL0Adhn9eLaa+qOqhDaNWtJEA 
From: Michael Niedermayer
To: FFmpeg development discussions and patches
Date: Sun, 12 May 2024 02:03:49 +0200
Message-ID: <20240512000349.3381912-5-michael@niedermayer.cc>
In-Reply-To: <20240512000349.3381912-1-michael@niedermayer.cc>
Subject: [FFmpeg-devel] [PATCH 5/5] avcodec/mscc & mwsc: Check loop counts before use

This could cause timeouts

Fixes: CID1439568 Untrusted loop bound
Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer
---
 libavcodec/mscc.c |  6 ++++++
 libavcodec/mwsc.c | 11 +++++++++++
 2 files changed, 17 insertions(+)

diff --git a/libavcodec/mscc.c b/libavcodec/mscc.c index 39bfad0b989..0c11fa08a24 100644 --- a/libavcodec/mscc.c +++ b/libavcodec/mscc.c
@@ -54,6 +54,9 @@ static int rle_uncompress(AVCodecContext *avctx, GetByteContext *gb, PutByteCont unsigned run = bytestream2_get_byte(gb); if (run) { + if (bytestream2_get_bytes_left_p(pb) < run * s->bpp) + return AVERROR_INVALIDDATA; + switch (avctx->bits_per_coded_sample) { case 8: fill = bytestream2_get_byte(gb); @@ -102,6 +105,9 @@ static int rle_uncompress(AVCodecContext *avctx, GetByteContext *gb, PutByteCont bytestream2_seek_p(pb, y * avctx->width * s->bpp + x * s->bpp, SEEK_SET); } else { + if (bytestream2_get_bytes_left_p(pb) < copy * s->bpp) + return AVERROR_INVALIDDATA; + for (j = 0; j < copy; j++) { switch (avctx->bits_per_coded_sample) { case 8: diff --git a/libavcodec/mwsc.c b/libavcodec/mwsc.c index 06a151a72af..0d4ee9791ad 100644 --- a/libavcodec/mwsc.c +++ b/libavcodec/mwsc.c @@ -51,6 +51,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext if (run == 0) { run = bytestream2_get_le32(gb); + + if (bytestream2_tell_p(pb) + width - w < run) + return AVERROR_INVALIDDATA; + for (int j = 0; j < run; j++, w++) { if (w == width) { w = 0; @@ -62,6 +66,10 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext int pos = bytestream2_tell_p(pb); bytestream2_seek(gbp, pos, SEEK_SET); + + if (pos + width - w < fill) + return AVERROR_INVALIDDATA; + for (int j = 0; j < fill; j++, w++) { if (w == width) { w = 0; @@ -73,6 +81,9 @@ static int rle_uncompress(GetByteContext *gb, PutByteContext *pb, GetByteContext intra = 0; } else { + if (bytestream2_tell_p(pb) + width - w < run) + return AVERROR_INVALIDDATA; + for (int j = 0; j < run; j++, w++) { if (w == width) { w = 0;
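Review bot: In the libavcodec/mpeg12dec.c hunk of patch 2/5 (ipu_decode_frame), the `2LL` widens only the last multiplication: `(avctx->width+15)/16 * ((avctx->height+15)/16)` is evaluated first, left to right, and is still an int product. If the whole right-hand side is meant to be computed in 64 bits, put the widening on the first operand instead, for example `(avctx->width+15LL)/16`, or say in the commit message that only the multiplication by the per-macroblock bit count is meant to be covered.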
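Review bot: In the libavcodec/mpeg4videodec.c hunk of patch 3/5 (mpeg4_decode_sprite_trajectory), the new `default: av_assert0(0);` carries no comment saying which earlier check makes the other switch values impossible. av_assert0() aborts the process when reached and this function reads from a GetBitContext, so a one-line comment naming the range guarantee on the switch value would let a reader confirm that no input can reach it. If that guarantee cannot be named, returning AVERROR_INVALIDDATA is the safer default branch.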
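Review bot: In the libavcodec/mwsc.c hunks of patch 5/5, the bound `bytestream2_tell_p(pb) + width - w < run` (and `pos + width - w < fill`) adds a byte offset in the output buffer to the number of loop iterations left in the current row, with no comment explaining why that sum limits the run. A short comment on what the expression represents would help, and since it appears three times a small helper would keep the copies in sync. It is also worth confirming the types of `run` and `fill`, which are declared outside the hunks: `pos` is an int, so against an unsigned 32-bit value from `bytestream2_get_le32(gb)` the comparison is carried out in unsigned arithmetic.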