From patchwork Mon Jun 24 00:01:42 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
X-Patchwork-Id: 50107
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:ae71:0:b0:482:c625:d099 with SMTP id w17csp1709321vqz;
        Sun, 23 Jun 2024 17:02:03 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUpgs1pi3RTkJu8VQB2jOkp/vVVd/4val6TCxGUaPzr1PwU4UlztWRde1+x2ht24EqMp3L5bpjdyziAOzoX5wKiKjoVO5ItEr+2wQ==
X-Google-Smtp-Source: 
 AGHT+IEH8YpmFZKY6ns4TMJewaDVXQKczzoSzRHGKbh5YBHx+8W4eiRPHctYLxl7ZfUOVRdWkpJM
X-Received: by 2002:a50:9f6e:0:b0:579:e7c5:1001 with SMTP id
 4fb4d7f45d1cf-57d4bd812b3mr1826898a12.23.1719187323661;
        Sun, 23 Jun 2024 17:02:03 -0700 (PDT)
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-57d33045cc8si2985237a12.233.2024.06.23.17.02.03;
        Sun, 23 Jun 2024 17:02:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@outlook.com
 header.s=selector1 header.b=khtI4bGy;
       arc=fail (body hash mismatch);
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
       dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=outlook.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 3A23368D28D;
	Mon, 24 Jun 2024 03:01:59 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from EUR03-VI1-obe.outbound.protection.outlook.com
 (mail-vi1eur03olkn2017.outbound.protection.outlook.com [40.92.57.17])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 442BC68D5B1
 for <ffmpeg-devel@ffmpeg.org>; Mon, 24 Jun 2024 03:01:52 +0300 (EEST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=AmlXVNrlS+g7piKA/DAisQur754SZsoC8RlOhbH8E8tcdIRDPgb0vMlZCyQAq8p2gjMAP6aq5aeaC4tAMdaleHoqrE5XRUH/XODYHy182/arZRWrbS/5gsFGbHmGYvrufmHaCJzVsKWiS9GOGRSVqCLLMq2vuSipSTCQjJH62KucZ+IPokKfzpzOSBCz5AI0z0m/zX5UL2qBNm0WqrTYBwKZ61PN5pX6HOMPoTzg8IwQSWfPNgSDNXL1cncz8gyAboENnFpFKxN6jPMoT+EUbyaxZ82gnixyH4++9l37DYblWIUgRJfYaIEZPh7tI0sjeQLKD8RaKelS/zC8siZBiA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=2SM35VAR8uYu7y0w0h9qGJCE/HyCh6oiWkoMbun4rgg=;
 b=JlbelN/dg8dxCSt55iEAqizIPuXjoqBe3Ix710rXRDc2jMQxEgq6qn66xW2LdRE1iEEumabxa9orQ4z5DnzY7kAHc+t2zJK4ogU/aXrrd8VR1Ox7Q1o9MntQPZaJZt1Kex6bSFj2+SplmsS0uqo1jjpIthoHpFrV5jDC1zH8OOu7i8b1a9bSkUQMzUMLzenn/mikYfdLGwPQaw30/Xpdeotd2Gqsp9GAQPnq+ctb9Dpoiu5EarFljIXioYKM6SrvsHyA6mutZV0geHgRvuoc9p2LwjssRf8ozCyLc6gdG6oLGUG02JlqEvH/MflL50MCjbboevBEdHYE7FjyAuaxgg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
 dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;
 s=selector1;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=2SM35VAR8uYu7y0w0h9qGJCE/HyCh6oiWkoMbun4rgg=;
 b=khtI4bGyx3ghR64OeOraSq5cHEB+gHSjtIewvHrxrWJ7IhnZVk6K0wCZVmmrm2VkwUFafHYuj+KlAlCKc5vhyFk2lz4927BjbTloXQ8u7xLjbPCBkw7IeMoDcZJSAbOo1hyCjwrtbxGV1gXgh+9+rG/yq7MRO7mW2dZcVzGtLy0Dnp4NIwIaBhTRwZtn1G0sHTO/dZYnLkJBvjori/aY/UUa5tgE+sYDt/L/4WdBVq4SK5TJR2FSWYdNp8W4htPfDV4Tkc/c7WPSmQHyH1A4Mx1YO4BedtE0l0IG8By6DwD3ERPkIONO6TCqaJk+12Eopk82QWUg/h+/XJzZB6dx1g==
Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14)
 by DB9P250MB0452.EURP250.PROD.OUTLOOK.COM (2603:10a6:10:33e::5) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7698.19; Mon, 24 Jun
 2024 00:01:50 +0000
Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
 ([fe80::384d:40d4:ecb7:1c9]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
 ([fe80::384d:40d4:ecb7:1c9%4]) with mapi id 15.20.7698.025; Mon, 24 Jun 2024
 00:01:50 +0000
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
To: ffmpeg-devel@ffmpeg.org
Date: Mon, 24 Jun 2024 02:01:42 +0200
Message-ID: 
 <AS8P250MB074445AB300959EFCE0F78D58FD42@AS8P250MB0744.EURP250.PROD.OUTLOOK.COM>
X-Mailer: git-send-email 2.40.1
X-TMN: [WBZZ2082CuDyswSXEoN/uJaIBy11qjL5bA5nHgLofHs=]
X-ClientProxiedBy: ZR0P278CA0101.CHEP278.PROD.OUTLOOK.COM
 (2603:10a6:910:23::16) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
 (2603:10a6:20b:541::14)
X-Microsoft-Original-Message-ID: 
 <20240624000142.2354736-1-andreas.rheinhardt@outlook.com>
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|DB9P250MB0452:EE_
X-MS-Office365-Filtering-Correlation-Id: fd02e1d7-d530-4d57-8809-08dc93e0d8b0
X-Microsoft-Antispam: BCL:0;
 ARA:14566002|461199025|3412199022|440099025|1710799023;
X-Microsoft-Antispam-Message-Info: 
 On2TGBX7nJtNeusgVfPMdesyNxc2UNOO6N0yumBVjzerlee96iFauP+fuMTq3QGIvWsRZG6zehblfOc8PvrJAp2uz8l/k5kbQDk3BQiN3LvO0B3rhLh14NRivMhEeQWFQVTU0I02T1fa6fLIcD6a9c3OgX6bYfH4oOk8QqPU+cUgTe6cDZOt4dDaiGDUcqh0l/uajR7ObmEJ3oDx2xZ1bJhBUKdbHfsPEsjMwy7ZvAW/OebLPEVphI6IRB0XczPfGGQLi7XWjfUMefJSQvgnak04qRIu+27cNGdRuQIzrC0o9ddBjBjlaerPbs4KPuSO+cPuQ6x2vHwiWA7T0JLzPRcjYg+9HVTaivrAzw60fu59FRiMyHSh9Uc04P8sR97ow7RLCa8QUHSZNyOWE0nfhrZfPBzupOtiUj05L9H9CYoWedtYoCQdOo4kvBZiQlHkLa579nRXyAubcVSgaFDuaHQycVKPbspdcWBq38xjBMiypUzx3AAlYUt7Le5ZzbGgL+CeOSc0jZiEYFLIS6mFw3V6wT+wTNt4UdkRJoCqSP3BDkOGYzBF1XesGJ9t4/+xvsdVGLzA3TOJfHh450V+o4DhL486Nqq3+3QXb1mmNeW+PObvC0E3PcLVLTUcZikl
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: 
 0rbT1RaQLCTv/59DxvMaQtJjPRYZLbYaisoq61/YAGHtBXjWhMX/j2MLEBG7gVJYoJsErSCJt3pxsxE/g+RtiFDmEK+vycOhxYVR+nw9gR5svfkhpHzF4rKLFUffbFheK5tz2HoM+3LkJ2HsABkkwiWvem/3zWrA8Dx7zQsAjnIzlMClLAWFpRZubMJtf2Quw7ofORQu0J/WUbhf8Ld0hNwGHcRQiF/MUDNBw7j+X+QUpMTIceFm7lGmQELHEuQAj/pDyVDkI6EIsGur5hPzHwOtcU40gd3IhHxn5iozeEL0FbJJzy+x6P7XhbALtomRGvP+/miyPMgWYobNwIBptjErnGYyrLPz4JeJhJiuU36w7W3fcEXN0995gUua4Xx72MQ1JhHmfuslb+FTWnNG1V04Vf7kMZQjHPUOK87+gtmBU4NieNsmAgcCKHr0kpswYzoctrv1UhhO55ELwXNVTX8lidA4/0vS/ovJoEn0TF9ZflpTvwVMa7Hm3EmwfHV6ttWhn3q+DEgO+UdG5XGpcwrT3udqmjpSDMxsKt3Nk5oArlO30q7LVMOeD34KlMlDWxO1cennlwULKizo5UXdzHueUl7kUXisc17igZKdO41rcwBF5mtZ4a2f1icx5qyTe/f1xYiLuyZ+hyoZJK4R3Q+pGNcUW7OgQfEhU0gCv1USnEPiQVaY5ux1q+5l+yn90QMr8eSq5Z/O+xLf/KwyBdCY+W/C75T1W+OnWjXa3EUAj7rbM/4LnXZ562VB+0LCw1Bsmt559BbxwCgJzBzRc2z4EFSKcd8b5CJeqZM61w6R9qKicC3o5+8ylhukghP1vHmeggneIagfP22TGDwtT1XWrhMDh8DM8YesM2BcwBpxaisOzbjG7RqC/vWj4Vh133QBS/B/7E6gMa0yHh6i5hCx0ECjhYCfZR5iRB9p4XHMBi+rWnLTEfbyON8KhPhcuGSuTgQ/0E1K4XjXLOYuqWucFHe27eke8D/+abQGZhMnyTt3UM9TeIARNSBOT9uwbMxwSEk+gbUextbPILkL0ew5dJHAy1nYMMtIllg90WOdY886/NYSo4fT8h+BZCIcVjeZw6HcbNog73UDaNUTMp7Ml5RMP7r52240zANZMPgYA6GcBiNeUMlguhoYnqiI7BCstZTGox9wg8AUWIKVcCOYetV8mIKzBcCtfPAS4oE+BT/oBVUOfF/kP2HLLxaJVK5fRMieV/Sa87kPnpqAYCZRw0UbDXz84hid5BkIA56zNzuYw1gplEUv2NUfRa9KA1T+WJ0FrkO3/NsD5+qXwA==
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 fd02e1d7-d530-4d57-8809-08dc93e0d8b0
X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 24 Jun 2024 00:01:49.9275 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 
 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB9P250MB0452
Subject: [FFmpeg-devel] [PATCH] avcodec/mpeg12dec: Don't adapt
 (last|next)_pic.linesize for field pics
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Cc: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: tk8c4N91LJL1

These values are not read anywhere. Furthermore, since commit
fe6037fd04db8837dcdb9013f9c4ad4e7eb0592e the linesize values
of the MPVWorkPictures were wrong for subsequent fields
in a chain of B-pictures (as they are always doubled and no longer
based upon the frame-linesizes) which can eventually lead to overflow.

Finally, it makes no real sense to ever double the linesize
of the reference pictures at all: Even when the current picture
is a field, it can still reference both fields of reference
pictures and therefore the linesize should allow to address
both fields (for the same reason, data is not offset for
reference pictures).

libavcodec/mpeg12dec.c:1304:41: runtime error: signed integer overflow: 4611686018427387904 * 2 cannot be represented in type 'long'

issue: 69732/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_MPEGVIDEO_fuzzer-5123551179374592

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
---
 libavcodec/mpeg12dec.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/libavcodec/mpeg12dec.c b/libavcodec/mpeg12dec.c
index 7485b7c65f..6953ba828d 100644
--- a/libavcodec/mpeg12dec.c
+++ b/libavcodec/mpeg12dec.c
@@ -1278,8 +1278,6 @@ static int mpeg_field_start(Mpeg1Context *s1, const uint8_t *buf, int buf_size)
                                                     s->cur_pic.linesize[i]);
                 }
                 s->cur_pic.linesize[i]  *= 2;
-                s->last_pic.linesize[i] *= 2;
-                s->next_pic.linesize[i] *= 2;
             }
         }