From patchwork Sun Jul  7 18:47:24 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 50394
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:cc64:0:b0:482:c625:d099 with SMTP id k4csp5407583vqv;
        Sun, 7 Jul 2024 11:54:08 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCUv8v1tcdtAQokz74X/0LBO4rEMArCtYrz0MVzjY6SamJgasWX6yXFf2Iw5TeQDQhq+FeSKk4GazXYuhGK9ygnPPl93ijpiqRTBgw==
X-Google-Smtp-Source: 
 AGHT+IFJyZ1c+ekx/eY2uNg9z2C/aXL4ti+xH4KBDiqJpMqEktQV79mTwsK7Y/GNz+84eMiedt8t
X-Received: by 2002:a17:906:58c:b0:a77:dfd3:e2e8 with SMTP id
 a640c23a62f3a-a77dfd3e3afmr400472566b.17.1720378448055;
        Sun, 07 Jul 2024 11:54:08 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720378448; cv=none;
        d=google.com; s=arc-20160816;
        b=FmK4jNA65YzSz4zhXylOoroAZHCjMkfcXDB+XDRUpLQFb1VKH4IISn0+TvOg8lxtLm
         4oNMstSSc1Wsn3GnmAxzYpewz2Dz1YWZVlFdEXVmBWGJyaEJkhu2Q57Wf1eIdY/Yk8OP
         yVQ9eTE1k5iJ96AUQDTeYyN5TeHOTe4RLuu5XekffEGzSojH+SghJJHizoOgHe04lgnj
         wcH5dk7mUvzJ6JaVnViMG1PmeL//PjkHEYYTq2JdiIxDGrkRXQmEer2iBL+ud7t3XNEE
         aQHCmDhGypNdPquD0TYFhy99BxIPWvnNrBKXSQth0iEFe+uOKtattlAEMlYmjWFu1QoY
         kcEg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:message-id:date:to:from
         :dkim-signature:delivered-to;
        bh=f5Xfx8rZJdiYdmQcfuoxvUaZVLOreLiLspisZrJEwa4=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=tyuUkZ1eZT5TWX1IxkiddsFBOxRj4UtnyrbzY2Po/OOylbkH19ur3k1b+QYO5ROiav
         614zrjHV1p4BBo4G6IJNzz965w6BGnK6AToKiqZiLzIt6Fkxxi4qEx7pIfoI2Fi2XPfF
         bjL3+hbaEQojuOSV4hX7nA0Y25b7JgpF/kokE2HHoMFZ8JDhOH1kAIUoUDDcfXksurHk
         ItqOEnh8XDp1yqQ2ff6lBYdOSEL/n2yag8+LQ/7yu+R6i9XaL2GaPAmljXq6owpDb7KN
         5JkLm8iW/Yr69kuuNk77CmIXXw4mpGwt2ijeaHNNr4nLblXEdC5Ix3L3tS/47AdT/FmM
         QRjQ==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=DJx6MguS;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 a640c23a62f3a-a77b07421d5si454018566b.660.2024.07.07.11.54.07;
        Sun, 07 Jul 2024 11:54:08 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=DJx6MguS;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id AD13068DADB;
	Sun,  7 Jul 2024 21:47:37 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net
 [217.70.183.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 3928268D830
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 21:47:31 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 68F41240004
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 18:47:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1720378050;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding;
 bh=Gfnj8Ztk5Vqqeu9QFSDgnIN5dOKpd6LSYrO75uLYic8=;
 b=DJx6MguStlnRrrdV+kR+OW65YkH/DJhPMcCKjAPraq44UHz8G2MeRH8Unzd+b1Mvmd80iC
 /Bh0ay2OpBSmoEC4mKbbOLt5fV9TWet21OHpuWQsUbhx3kemKt1Q/ZE2FvUpkkY9caHzvz
 I4TtGpJlnW5geek93cD9aUXPTI7eGUf7qlOw1egVR+oAVo24/Qa1LNxFMzXnF0z0WVax68
 67Pg5333VVArW8KcFjKHQCpEomPZroukQSm7Mhg+mYDFrLmUS6zZ6igM9Es9hk2irc8j8n
 NxCisSVTtcq1q6eJSCbZKVnXK0+zNFcEAOyVxAaGojobvDFrQtBPj4+ao2nGpA==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun,  7 Jul 2024 20:47:24 +0200
Message-ID: <20240707184729.3525852-1-michael@niedermayer.cc>
X-Mailer: git-send-email 2.45.2
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 1/6] avcodec/tiff: Check value on positive
 signed targets
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: 1uvgIi03/5i7

Fixes: CID1604593 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/tiff.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index fd4116aec4d..37b56e9757e 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -1298,9 +1298,13 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
         s->is_thumbnail = (value != 0);
         break;
     case TIFF_WIDTH:
+        if (value > INT_MAX)
+            return AVERROR_INVALIDDATA;
         s->width = value;
         break;
     case TIFF_HEIGHT:
+        if (value > INT_MAX)
+            return AVERROR_INVALIDDATA;
         s->height = value;
         break;
     case TIFF_BPP:
@@ -1432,12 +1436,18 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
         s->tile_byte_counts_offset = off;
         break;
     case TIFF_TILE_LENGTH:
+        if (value > INT_MAX)
+            return AVERROR_INVALIDDATA;
         s->tile_length = value;
         break;
     case TIFF_TILE_WIDTH:
+        if (value > INT_MAX)
+            return AVERROR_INVALIDDATA;
         s->tile_width = value;
         break;
     case TIFF_PREDICTOR:
+        if (value > INT_MAX)
+            return AVERROR_INVALIDDATA;
         s->predictor = value;
         break;
     case TIFF_SUB_IFDS:
@@ -1582,12 +1592,18 @@ static int tiff_decode_tag(TiffContext *s, AVFrame *frame)
         }
         break;
     case TIFF_T4OPTIONS:
-        if (s->compr == TIFF_G3)
+        if (s->compr == TIFF_G3) {
+            if (value > INT_MAX)
+                return AVERROR_INVALIDDATA;
             s->fax_opts = value;
+        }
         break;
     case TIFF_T6OPTIONS:
-        if (s->compr == TIFF_G4)
+        if (s->compr == TIFF_G4) {
+            if (value > INT_MAX)
+                return AVERROR_INVALIDDATA;
             s->fax_opts = value;
+        }
         break;
 #define ADD_METADATA(count, name, sep)\
     if ((ret = add_metadata(count, type, name, sep, s, frame)) < 0) {\

From patchwork Sun Jul  7 18:47:25 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 50390
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:cc64:0:b0:482:c625:d099 with SMTP id k4csp5405932vqv;
        Sun, 7 Jul 2024 11:47:54 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVCVx3jmF+bwRO5vkgPs87m9GABNNs7W7cppm0TVnQMXRD1HZgaPYKAPBrMZ55EB8a44zmCz95VEghyVV39ir6uyNcoTvaL3Gy5ow==
X-Google-Smtp-Source: 
 AGHT+IFfupdW+Kqe5rO4Pyijr310QJCz3IOYCk2WF52r/HprFfAb9yDf2fpXcUEM8KL+m6oUDwL1
X-Received: by 2002:a05:651c:990:b0:2ec:5172:dbc4 with SMTP id
 38308e7fff4ca-2ee8ed8b7efmr76543161fa.12.1720378073973;
        Sun, 07 Jul 2024 11:47:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720378073; cv=none;
        d=google.com; s=arc-20160816;
        b=YOV0ghh7St3xhV1gMYME8BVJjcREHlXFGgQbyUR0NNvTByoztKlQ1pA4H9r471No+v
         syxE1yQ2FLg5QqJbUOt5Kv0BSOW80hPjpDpbNCRrn1xuUviD3UjyKqJoexVJfVcCk4jo
         HQ8W+/Yfj59NzvY9XL1AxvnqgKIHp4znFTkjcZthZugiQVaM7JXFJGKDQw43XHgu43hO
         CP4cEQfnmXKxxsc1hViksHAsNhGpN3l/fovrouHFa+W/JyLaGSwfIuc5nDbmzNJtjV4Q
         LL8WM6Sl27XdBkZi4qu9pswFRAw5y2wvsk5NiLRpSFYMhgHhGS9UtKbrvF0KjQkA3P6E
         p0Ag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=cHfpSye4oqBG6Fi7iO94/+H4wKpnR7gnJ3Su6sv+lC4=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=I9SXL1+/ZkqAeV8TNDpz0Hefp7C29wdAjWaoToNIsc2SpkZj1gJxJpHJATisI+GMyg
         eMd4TaBhjBebT218qp92XGjSFKN8GxSwr1baT+VwMwG5zaHAmRpFzJ8ZuM5CmeBXK870
         lnsd7m72z7xIlBScuz9l82KkBrbcdBfyxUpuVWaRoFQUvfeLFDL4K9OiDUcKgg5+n2+f
         gaYU/QRcaWHR0m8DMZtihH4zDxmLDxvPuya4B2Xz0O/ARQF8NL5NWvGwwX3FQy8juaFw
         NdTWfcO1CBw24UQS+hw2fWW+1szd6KumYgfbpc1MORsfQiCCztK8q0RJNFDn3MZKOMCf
         hC8Q==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=nFFc7DLN;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-58d47f7dfeesi5252233a12.274.2024.07.07.11.47.53;
        Sun, 07 Jul 2024 11:47:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=nFFc7DLN;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 32A1C68DB95;
	Sun,  7 Jul 2024 21:47:39 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 4C15C68DA53
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 21:47:32 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 7D47BE0002
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 18:47:31 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1720378051;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=XG43tCmaKxmkZNYKh/ZQyQi+qieB94EfgqemmbUDMQA=;
 b=nFFc7DLNIyITkg/zPiRCqH1hk+n/GTONMR83rHFVcR+s1yCIXH/P2UIDh7cNOIJH5UINJv
 /++f3AfqdqZ4c7W826MHeRC5LNX0eN+uzpd09B2k2KGmy6u7Mu8JWAHPdpTQmOoUQP5Cas
 qpLSrcbE1IPoV4Yh+WpyqmW35qW+UT9dB+an3dVxgduEqT0RdzslrEqREvPolQ4IY6Eq1L
 9Lznljq6FVUEeWWr9xvHCh8J69YQd3iJQ0K+qp/e1xl2PLVH5Mz2xCajjsJKCb8YM0VUOF
 n2cv3mhka67JmksU7DZr22d7VoeWH4z0BXelRFUoEZ4BwAa+fAaL3nEa1YUMiw==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun,  7 Jul 2024 20:47:25 +0200
Message-ID: <20240707184729.3525852-2-michael@niedermayer.cc>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240707184729.3525852-1-michael@niedermayer.cc>
References: <20240707184729.3525852-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 2/6] avcodec/vaapi_h264: Do not store our
 error code in VASliceParameterBufferH264
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: aLc0F6qSOlg/

I am not sure this is possible (thus this requires review)

Fixes: CID1604570 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vaapi_h264.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libavcodec/vaapi_h264.c b/libavcodec/vaapi_h264.c
index 398e92568c2..77819a64a4e 100644
--- a/libavcodec/vaapi_h264.c
+++ b/libavcodec/vaapi_h264.c
@@ -342,6 +342,10 @@ static int vaapi_h264_decode_slice(AVCodecContext *avctx,
     const H264SliceContext *sl  = &h->slice_ctx[0];
     VASliceParameterBufferH264 slice_param;
     int err;
+    int slice_type = ff_h264_get_slice_type(sl);
+
+    if (slice_type < 0)
+        return slice_type;
 
     slice_param = (VASliceParameterBufferH264) {
         .slice_data_size               = size,
@@ -349,7 +353,7 @@ static int vaapi_h264_decode_slice(AVCodecContext *avctx,
         .slice_data_flag               = VA_SLICE_DATA_FLAG_ALL,
         .slice_data_bit_offset         = get_bits_count(&sl->gb),
         .first_mb_in_slice             = (sl->mb_y >> FIELD_OR_MBAFF_PICTURE(h)) * h->mb_width + sl->mb_x,
-        .slice_type                    = ff_h264_get_slice_type(sl),
+        .slice_type                    = slice_type,
         .direct_spatial_mv_pred_flag   = sl->slice_type == AV_PICTURE_TYPE_B ? sl->direct_spatial_mv_pred : 0,
         .num_ref_idx_l0_active_minus1  = sl->list_count > 0 ? sl->ref_count[0] - 1 : 0,
         .num_ref_idx_l1_active_minus1  = sl->list_count > 1 ? sl->ref_count[1] - 1 : 0,

From patchwork Sun Jul  7 18:47:26 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 50391
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:cc64:0:b0:482:c625:d099 with SMTP id k4csp5405984vqv;
        Sun, 7 Jul 2024 11:48:03 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCWXtiTSpvd98eMcUyJCdDRRbqUGR3QaRxLGIKToJi3fmXOALtkk8437iVPJz/q+Vnf1Ju5X9ktq/TaSKpFl8MMRxPKIgl38ySQdsA==
X-Google-Smtp-Source: 
 AGHT+IFbLqg+mNX2EUVWQEeaDWHsHLdJLrvF9QYK40SW2JHu82octdWX1R3la/TZqTiO8XiIwnl4
X-Received: by 2002:a05:6402:c1c:b0:58c:ab6f:8d63 with SMTP id
 4fb4d7f45d1cf-58e5bd7de6fmr7017238a12.39.1720378083647;
        Sun, 07 Jul 2024 11:48:03 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720378083; cv=none;
        d=google.com; s=arc-20160816;
        b=gU3Zf+so3JdbgzLhFNYNCZwr/SdOc9823ir0oXdEV2CMvTsfeERGrfBExDAc43R9Eh
         qlx4R3AnVFKaszQtdCqkjmeKhpcYweAChYLnuZr2sfSzQ+ZoYhB+sfk+lhCXjRNij0dB
         JcOTMFgnicuK2wODAakhdt0PYoXtWeiHcrM3GJR/OYIVZFW3f7nLCui3Qwpkd5ZRbwkO
         j63ubZdXq+R/YaOAEpGgbNq1kAurp6ledXVZqXSggt+4Uh1NDgXNgViEGQACZXJYvt12
         xFrAN6XlBAr9AQizxg/HC51m6M9RP76PE9LwSp8scjWb0qfAhVUQepmSXQJH0aWV+7g4
         n3dg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=OIK8UJ34he1E5dEN3yN5cDGMHHke1YpduFwJqfcK2CU=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=XTbyE1D+K4ciXIf8k5BoYMGSqdbs/sfYkkUrUBi6pFXlzhVoqklButZjaPy4Q+tfaG
         MC2DP6vFxiY3enL+Ltaf1jiV/51hc4RhxX8+lxxBBtMiYjpNVm7U4Zp7UNVs0hZhUEMj
         H8F+bs8dqNqopawB6dh0WiUdVOADmjL5ArsxpcV7hinnYz5k6neFHKApsc/SvyUSvauQ
         DlaV0HlQZuMZ2gb15JBHAW5GxPZZkg/M5m+eSNFdyfKxlUe6M40zO+CAR1KH2owX33zM
         NjhJf2qo2OiVtYqD0fQ2IhrGUnE18W6Alw8cqg2d9JD0wFfkC0KSKYK05BNGS1ZE5orN
         9srA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=dhSvbQFx;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-5861504101bsi10021904a12.415.2024.07.07.11.48.02;
        Sun, 07 Jul 2024 11:48:03 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=dhSvbQFx;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E0A4768DBD6;
	Sun,  7 Jul 2024 21:47:40 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay5-d.mail.gandi.net (relay5-d.mail.gandi.net
 [217.70.183.197])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 184B068DA51
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 21:47:33 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 50C341C0003
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 18:47:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1720378052;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=fiV18o8OR7oBqUkmKKNDB5MAB/Jim7z2UTsXOyCLQPk=;
 b=dhSvbQFxc1BmdMEEL/l6SHsMw5o3zKw4jOb8z2zfZeC+ggXM/Cwz5c6sCJrPxjpupXiH5E
 nbSWYKZfMxW/jiahZZsVC7tXDUq3XTSzia54NzzSZmeG4JIwgOsEhyioS/wVeZIovyewjX
 wpYhOmsIlR1Zf6lgj6Zs5IDJeaLQaskCm1x1ByMkTDwrgk36TuxbXNvfQAkOlMC+Pgw1HD
 9ElFlwKsPMeg2ScFU8YAKe5LxMBrQc6tKvO10n+UGrRHV2mvNNUytt7L8PDBGjZq+Mzl94
 /vn5XulwRwjrG+SxaExgZ6KubAISpR3/O5oPMWfhXdQEAvdjOSnSgudOjjnc7w==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun,  7 Jul 2024 20:47:26 +0200
Message-ID: <20240707184729.3525852-3-michael@niedermayer.cc>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240707184729.3525852-1-michael@niedermayer.cc>
References: <20240707184729.3525852-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 3/6] avcodec/vvc/refs: Use unsigned mask
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: b0d/YE9wf6rS

Not a bugfix, but might fix CID1604361 Overflowed constant

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavcodec/vvc/refs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/vvc/refs.c b/libavcodec/vvc/refs.c
index 26a5b0b34cc..c1fc6132c2e 100644
--- a/libavcodec/vvc/refs.c
+++ b/libavcodec/vvc/refs.c
@@ -310,7 +310,7 @@ void ff_vvc_bump_frame(VVCContext *s, VVCFrameContext *fc)
 
 static VVCFrame *find_ref_idx(VVCContext *s, VVCFrameContext *fc, int poc, uint8_t use_msb)
 {
-    const int mask = use_msb ? ~0 : fc->ps.sps->max_pic_order_cnt_lsb - 1;
+    const unsigned mask = use_msb ? ~0 : fc->ps.sps->max_pic_order_cnt_lsb - 1;
 
     for (int i = 0; i < FF_ARRAY_ELEMS(fc->DPB); i++) {
         VVCFrame *ref = &fc->DPB[i];

From patchwork Sun Jul  7 18:47:27 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 50392
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:cc64:0:b0:482:c625:d099 with SMTP id k4csp5406044vqv;
        Sun, 7 Jul 2024 11:48:14 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXApx/e4nAVWzQlREamLo2kSB6A0OqmV5BKUxLHKJ7tYO5BFsKXSMszWNUExCEQXgNN/2c/rhLil7H66y/235VaWvmdlamireBFmw==
X-Google-Smtp-Source: 
 AGHT+IEg4AtsFhjvkgmHQKdZlSyUJKyYF21oTCrGlRKHRzIJgD5Ll7p5zOntxGaCKAwaM30inOiI
X-Received: by 2002:a05:6512:3282:b0:52c:850b:cfc6 with SMTP id
 2adb3069b0e04-52ea0640028mr6373752e87.38.1720378093760;
        Sun, 07 Jul 2024 11:48:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720378093; cv=none;
        d=google.com; s=arc-20160816;
        b=cBxYghr8qzw0NThfWLmovVMVQVM7kyfRsNIO7RmUGMBwQO0CyXaZ9I0ekEPEfs53JO
         pPKuwik2hH2D5ieLbMhbPxrVLnJRRKgKi44rawlH1q5efpIhq/OLwe85MeYkMqe+0fn+
         ppAG/DN8/uoM8Sn7CVG9Z3joIhmJKAPqj8Y0gMNfmGzSgwAu9mASjaOcZTKJC5ZXs0TI
         8jX0P+SOrAJefMt+Xp0d03lcWKXqEjzz33+j5fhJpnbDDKPFMBLuIyx2rHCoukgbIWYN
         GsPZIncZF0lUZGG6K3H3RXTbMIPM9Zfn9flEXgoU8giC248hMfYtkroj0WeJJtNZgvbH
         qhCg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=IDvzcJ+ziR9+qDUvVHSg822OMRu2jVGDDZA/z4roWvk=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=MRJN7GkeCiF+ohcDFgi9FIRDeCHUGJ9wAU57wjPHITfgBS5csBwZfNMp84XIB/cv3B
         6ICOrc7mbCCZjtMesMt9gPG4jodkZOSM2KYmHYtpJZBz/+ufV986bPYouQpPFz+hm4bH
         RwMp7rvkqthr2lrE5iW50R95PjehFaHhQFJwyQuUkG2350DEKeRVM5ZEIXIs+VZaQ7X3
         s8N27d0QsiwqZ2D++mMI/ezWmvu1v6m4+/nKGGk6rdm6zufihXIDTqwu51lNw8Gnmwsk
         2wnAzHgPbCelyPnBHT0VI48xj2Ntxi/CWpoVcCOHlhllsvdXNJx+MsXRRSI7uqI6y+XZ
         51EQ==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=SCiZuG8b;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 2adb3069b0e04-52ea2136f07si2315701e87.336.2024.07.07.11.48.13;
        Sun, 07 Jul 2024 11:48:13 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=SCiZuG8b;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id DAB2D68DB56;
	Sun,  7 Jul 2024 21:47:41 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net
 [217.70.183.193])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8DBCA68DA48
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 21:47:33 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id F2D08240005
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 18:47:32 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1720378053;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=xRzPURJXKcNumGb6Ruw5Jpb/aCJq7U/Ou4pDJX8TYWA=;
 b=SCiZuG8bYViZaQwp41It3yTKnObLDshITn1e9aulm1XEWMLyNTOLrGocZiBtxPMI5RbJuO
 BTOXQN1bvAVk8kwDIG+tyNILv6z/sAJgDCimuxGhx4cc1drPB7YbXwKfQAxaN5GQeRggrI
 dmN0MoLp6Z/v0YaDawYD4ehhEbZBkXg+Rzs1AoIWbr6tFvzuk3FJhcMtCwP3DbHc9b9mOG
 gmp1R9GmGrAd+aGOVNTMLYVStkxWvEJWcbu1scN4qXylcf6ySRKxlUheJCoM5YPASx67qT
 re0cqTMVLVXhzr0XprdsyH4BuQHaCrW1Rho/lciH0PH3V7WnkX+opOSINjti9g==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun,  7 Jul 2024 20:47:27 +0200
Message-ID: <20240707184729.3525852-4-michael@niedermayer.cc>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240707184729.3525852-1-michael@niedermayer.cc>
References: <20240707184729.3525852-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 4/6] avdevice/dshow_capture: Fix error
 handling in ff_dshow_##prefix##_Create()
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: TIL7LTVYaV/+

Untested, needs review

Fixes: CID1591856 Resource leak
Fixes: CID1591887 Resource leak
Fixes: CID1591874 Resource leak

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavdevice/dshow_capture.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libavdevice/dshow_capture.h b/libavdevice/dshow_capture.h
index 81e684b9be3..bb39d4947aa 100644
--- a/libavdevice/dshow_capture.h
+++ b/libavdevice/dshow_capture.h
@@ -124,14 +124,15 @@ void ff_dshow_##prefix##_Destroy(class *this)                                \
 class *ff_dshow_##prefix##_Create(__VA_ARGS__)                               \
 {                                                                            \
     class *this = CoTaskMemAlloc(sizeof(class));                             \
-    void  *vtbl = CoTaskMemAlloc(sizeof(*this->vtbl));                       \
     dshowdebug("ff_dshow_"AV_STRINGIFY(prefix)"_Create(%p)\n", this);        \
-    if (!this || !vtbl)                                                      \
+    if (!this)                                                               \
         goto fail;                                                           \
     ZeroMemory(this, sizeof(class));                                         \
-    ZeroMemory(vtbl, sizeof(*this->vtbl));                                   \
+    this->vtbl = CoTaskMemAlloc(sizeof(*this->vtbl));                        \
+    if (!this->vtbl)                                                         \
+        goto fail;                                                           \
+    ZeroMemory(this->vtbl, sizeof(*this->vtbl));                             \
     this->ref  = 1;                                                          \
-    this->vtbl = vtbl;                                                       \
     if (!setup)                                                              \
         goto fail;                                                           \
     dshowdebug("created ff_dshow_"AV_STRINGIFY(prefix)" %p\n", this);        \

From patchwork Sun Jul  7 18:47:28 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 50393
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:cc64:0:b0:482:c625:d099 with SMTP id k4csp5406089vqv;
        Sun, 7 Jul 2024 11:48:25 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCWNQ5cqTS/ICURdoZPwtfz211n9Z+2Vo4XUkO7JsihwLo3V03xXle3UpfD6IX6DF+iOC8vuTsbU16qZ+0j2Y5E6Vz3lgy0J20732g==
X-Google-Smtp-Source: 
 AGHT+IETWkOO4ViFDtxiQW/q/nKiQiX9cRVp4pUsoAmGF1+U9XD5ry7zY8jCrGNVNFzF1SosuMMp
X-Received: by 2002:a05:6402:3496:b0:57c:61a3:546 with SMTP id
 4fb4d7f45d1cf-58e5b1b752dmr7373421a12.21.1720378104710;
        Sun, 07 Jul 2024 11:48:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720378104; cv=none;
        d=google.com; s=arc-20160816;
        b=vTQswF2QJirJNx19BOvEOAsEHqPgVm0+iUs1KzAib+fBUoFBPbWM74DngT3jUag1CB
         IrXDJvUNvp9hckKLmgX7fCdCTPm8pHINoBlAcOb4KwjDv+UOt2j1g1RJuXzLVbKC9ZG3
         k9XsbiHmdNFZSm/DUIPPYfUBKba2wpffX7J8bWC+Uu4/QfLfkMnuONa1yvuFesrqa6VO
         YTjKVH5UQp/SrylBXKU5EFh/1mqois+YCZ3pfhw8S4dw124UMKsJLE192guW2pqqWppZ
         DqrZPrGJ1BjrBBlMbtUuHIFhGb1n9gRkMmdkT8xWCJWqCGAj8s/QGLI6kU5cmj0fKKSE
         MCLg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=grrq3CG8ylZI8FN8L/cXHte15qU7XeWwAmVkmfMRjFs=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=wVeQ6SB/rq+OlcPKm8vOIhxOYx2mlShQUFRe6UeRnNFOwz6y+0Ry3SFbBW977iyB4z
         os4q18EOxVANKOt95LZnE04P3vltIivfbx51gjQRgIWtdXAyxMzbLk6VLfNvvqlKTM6k
         0I0eNMB5JCLH89+DtgueejqHUTEPEdJPyEmijx5tB0gpmvHNRdW62p7zCV7luG0ZZXqY
         Xs7jRsCm/ZOp5a0OEFZ19QvQ7m3ZgZbGWi/tr+vN0b9E9iJEYw9lqWlckQMLaO4o0QJK
         vn+87HbCxSGhmqHR5a0x920p0VssVZnzVJr2Biz74cNDpA0ssqXf27ed+EF+piutpBZJ
         NdCA==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=N68RAI+s;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 4fb4d7f45d1cf-58d734564fcsi4782288a12.494.2024.07.07.11.48.22;
        Sun, 07 Jul 2024 11:48:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=N68RAI+s;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 697DE68DBEC;
	Sun,  7 Jul 2024 21:47:43 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 45A2768D933
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 21:47:34 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id A58FAE0005
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 18:47:33 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1720378053;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=9xVNEn0+6qM2x9UXwoA/crPhSFQFDdlNTrvy5f15Op4=;
 b=N68RAI+s1rYdapY356fyGu7jwtuR+z2psvOXAvg0bHlJNjgseziv6ssGO7QFQPBSaAmiuz
 +2/KlZTvT4XYVkYtNMBKEgDPMDP5+QzTV8C+F9FRI/1YjMDfscdukrP+hLrk3A0/UsZINp
 1WAoaGn1+Q06tsExFr9Kw+NPrqzmGAT+oKaRPkFAwJLQWcUCYvT7A2mf4bXhk5d0xF5O6O
 qQM896DwaVc9aqdnSH+euLjaW91MynbIi07LTd+3zLWozfFPUoLGOlXdo3gO0CUWILRdpC
 5L0rUSlUe/WVExi/mn8pSenjFIv+1Q8wjrvsx/HKAB+bqx9PLdKXLOi85jXnAg==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun,  7 Jul 2024 20:47:28 +0200
Message-ID: <20240707184729.3525852-5-michael@niedermayer.cc>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240707184729.3525852-1-michael@niedermayer.cc>
References: <20240707184729.3525852-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 5/6] avfilter: Free out on error
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: 1IMbbyc/vVpX

CID1197065 Resource leak

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/af_aderivative.c | 1 +
 libavfilter/vf_deshake.c     | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/libavfilter/af_aderivative.c b/libavfilter/af_aderivative.c
index eeaa23ff88d..4883972dcf1 100644
--- a/libavfilter/af_aderivative.c
+++ b/libavfilter/af_aderivative.c
@@ -126,6 +126,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         s->prev = ff_get_audio_buffer(inlink, 1);
         if (!s->prev) {
             av_frame_free(&in);
+            av_frame_free(&out);
             return AVERROR(ENOMEM);
         }
     }
diff --git a/libavfilter/vf_deshake.c b/libavfilter/vf_deshake.c
index 107b78a7d1c..05a2df652ee 100644
--- a/libavfilter/vf_deshake.c
+++ b/libavfilter/vf_deshake.c
@@ -478,8 +478,10 @@ static int filter_frame(AVFilterLink *link, AVFrame *in)
 
     aligned = !((intptr_t)in->data[0] & 15 | in->linesize[0] & 15);
     deshake->sad = av_pixelutils_get_sad_fn(4, 4, aligned, deshake); // 16x16, 2nd source unaligned
-    if (!deshake->sad)
-        return AVERROR(EINVAL);
+    if (!deshake->sad) {
+        ret = AVERROR(EINVAL);
+        goto fail;
+    }
 
     if (deshake->cx < 0 || deshake->cy < 0 || deshake->cw < 0 || deshake->ch < 0) {
         // Find the most likely global motion for the current frame

From patchwork Sun Jul  7 18:47:29 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Michael Niedermayer <michael@niedermayer.cc>
X-Patchwork-Id: 50396
Delivered-To: ffmpegpatchwork2@gmail.com
Received: by 2002:a59:cc64:0:b0:482:c625:d099 with SMTP id k4csp5408804vqv;
        Sun, 7 Jul 2024 11:59:09 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCVznb/lejggtQDEPha3rDoPmqJmNLw1eSbNDz4Ij9ilhOMxqmSr32VMpfY8Ht3jFJt79FgLGUvEWduRrVHr7AxGJ/o+DfYrNo379g==
X-Google-Smtp-Source: 
 AGHT+IEXVCAh8TzEgwFXnxz23ToC/V0XPVUMc+XAQGve6tA4F49CwLc3G2XUSElZryMo+P3c69FO
X-Received: by 2002:ac2:44d9:0:b0:52b:9e52:17f7 with SMTP id
 2adb3069b0e04-52ea077c2d8mr5073078e87.6.1720378749090;
        Sun, 07 Jul 2024 11:59:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1720378749; cv=none;
        d=google.com; s=arc-20160816;
        b=boZ9mp2FZ1afrUkI7REmfq6KNiTRWOL3gY8bGfpnd1iy2pdwbJDHNg/kM+R+98om+M
         5p+bT0Jd55cmWoHvnEiGlGCbLEjVLzq7agcf+TLKytEcFhEh4xMyKxN1XlCIn8IGHYbS
         Tqhzv5ZUfVOeA+Q82fdudbjkvwu4b3VWnmQTTPn0N+/atgwMw0aWFWGvSepPXmKiUsgG
         ehvag/ydQ7h7nyb+Z8PI3rvrA4ADXlVCpdvBXNLsen075SqchjhqZnmJBB25XIZrtdDf
         +e6WXYfMfDlLPK/3WBS0JKKDde/RynTqu5SYYBETwu/T2MM2J4iw36g7o0VAX+XhVjWH
         pJIg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
        h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe
         :list-help:list-post:list-archive:list-unsubscribe:list-id
         :precedence:subject:mime-version:references:in-reply-to:message-id
         :date:to:from:dkim-signature:delivered-to;
        bh=MGh72e3brQlEv89c/9Vmo4vBnMhmK+qQGN+1xVNXmgw=;
        fh=e5zN9xSzcxLA6bGo3lF+CqTbY/oLwzApV03EO/RBfgQ=;
        b=zEn1YGY7KXfdzKtHaCjyLRxbN30+lOOUEX7/jrSZcN0jxBW+mLZZUeBwHroDJexZem
         lego/KJw/Dfp6XzI/6MBBVLfOVYpVYB1UDRYfTuQwumckk+u1V3EiPplURrl01/+I3xY
         KmFsD8G1M6XAGADMfl4uAVxY2xxPNlz7FTOPJ+hQQboSQLQ88gIvNZ4SSr1Q79Fn9sgZ
         CvmjNtrB2Esxwo3v/KddO4QlszCss4LpT0JW7iMLZtdy8Na2yciDc+KkA1juS0CnGqzt
         sGCy+FVk7Z/QcEnrgCrAal4MKwdwXdvB/hd437/NrOV4WK9/4XPKYkig2nXTnwj+pimn
         dR8Q==;
        dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=Z5WS5hpL;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
        by mx.google.com with ESMTP id
 2adb3069b0e04-52ea21877a2si2321845e87.408.2024.07.07.11.59.08;
        Sun, 07 Jul 2024 11:59:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
       dkim=neutral (body hash did not verify) header.i=@niedermayer.cc
 header.s=gm1 header.b=Z5WS5hpL;
       spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
 designates 79.124.17.100 as permitted sender)
 smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CA23968DBF9;
	Sun,  7 Jul 2024 21:47:44 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net
 [217.70.183.196])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id E8CDB68DBA1
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 21:47:34 +0300 (EEST)
Received: by mail.gandi.net (Postfix) with ESMTPSA id 54F85E0006
 for <ffmpeg-devel@ffmpeg.org>; Sun,  7 Jul 2024 18:47:34 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc;
 s=gm1; t=1720378054;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:
 content-transfer-encoding:content-transfer-encoding:
 in-reply-to:in-reply-to:references:references;
 bh=jR37XGJgjnIcivtR3hpF2C+1pOFogKk74xdDab0ms/k=;
 b=Z5WS5hpLNUnaV62QYBdJTZdy7ZG+U/jLAi2rAwId0KihdoleR3pE6iJ6O0Spw4STeQzDI3
 jXfKXodApIy04YIGj/tIg2wDIa4HnXK2YQjYbTck1NxRcncIz0yZTJeIuBHF8i10dYMqQ3
 CIyPw3jFvZX34Uy45iOQOTYiDAl7Tragt9a5Yrr0tKpWoSrxbBcQRRaXIHLCucKbwlJep4
 uHUbhg3syJGvfEeHAk6FGln/oeBf+nCWX35T+UvLRjbld37KPm1KQzpn0djKc8EBRGEZFZ
 O2Aq2PSbL0CMOLG3mCDeIQgYSBIP+Uo29qldDfp56H5OE9KWJi9AmbYJJY79TQ==
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Sun,  7 Jul 2024 20:47:29 +0200
Message-ID: <20240707184729.3525852-6-michael@niedermayer.cc>
X-Mailer: git-send-email 2.45.2
In-Reply-To: <20240707184729.3525852-1-michael@niedermayer.cc>
References: <20240707184729.3525852-1-michael@niedermayer.cc>
MIME-Version: 1.0
X-GND-Sasl: michael@niedermayer.cc
Subject: [FFmpeg-devel] [PATCH 6/6] avfilter/af_surround: Check
 av_channel_layout_channel_from_index() stays within the fixed array used
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
X-TUID: sHRCzum90B0C

Fixes: CID1516994 Out-of-bounds access
Fixes: CID1516996 Out-of-bounds access
Fixes: CID1516999 Out-of-bounds access

Sponsored-by: Sovereign Tech Fund
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/af_surround.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/libavfilter/af_surround.c b/libavfilter/af_surround.c
index e37dddc3614..fab39a37ea9 100644
--- a/libavfilter/af_surround.c
+++ b/libavfilter/af_surround.c
@@ -269,6 +269,9 @@ static int config_output(AVFilterLink *outlink)
 
     for (int ch = 0; ch < outlink->ch_layout.nb_channels; ch++) {
         float iscale = 1.f;
+        const int chan = av_channel_layout_channel_from_index(&s->out_ch_layout, ch);
+        if (chan >= FF_ARRAY_ELEMS(sc_map))
+            return AVERROR_PATCHWELCOME;
 
         ret = av_tx_init(&s->irdft[ch], &s->itx_fn, AV_TX_FLOAT_RDFT,
                          1, s->win_size, &iscale, 0);