From patchwork Wed Mar 24 00:53:52 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26579 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 18F7944B30D for ; Wed, 24 Mar 2021 02:54:10 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id DAC7168AA90; Wed, 24 Mar 2021 02:54:09 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ed1-f52.google.com (mail-ed1-f52.google.com [209.85.208.52]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 47D4168A8F8 for ; Wed, 24 Mar 2021 02:54:04 +0200 (EET) Received: by mail-ed1-f52.google.com with SMTP id b16so25678882eds.7 for ; Tue, 23 Mar 2021 17:54:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:reply-to:mime-version :content-transfer-encoding; bh=aXYsUh/sEKFaxuG90mUs5RYs1P4BLXNCVTPnNTlVthk=; b=bLvl5/+SGaJp2nHjkpCfJ+zljX0o5c67Iq+2OfvfncoWkZej2lkj9wPbGtviZnTjDw z15Vo3xhU03rWURoUZGCKMFSc6lZByGIIKRwk3baUnDP6uN9oAs6u+d9UTNZVzU89V+v ako35tpvj/ghQ9opij1RR0EWmwkuHhCw8RNhffi6yqbmyOHtyeE5rn+OJo9A9AS97Khw fzV8675BBTFuHjsF565rtlvQcz9BInXjCnlT3PsFEzgUc+fIWWBQ1uQD70Mcc9o9Gdzs iMUbf/D/Jq3Cn2FVSgakMkexu0KcvyX2VoYcKOibGJLMX+RQEFRI7pKXRGD1gcMPoIRE xdFg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:reply-to :mime-version:content-transfer-encoding; bh=aXYsUh/sEKFaxuG90mUs5RYs1P4BLXNCVTPnNTlVthk=; b=l0+BmHKkahm6xMyORLHJr2WmilNZtzryCPVm9D3ypGyFc3r3scPR+JRC/NlBszJ37H +fIcx1r6Nrm1JUycstXzUM6EsTB+riK0r85oe5up8TCQoAsulx6eVm9uYeQtg4aGAHCT EYq8L8VoAzPwoklZTWRJuxx2K1FY7Pxh8Ks8BE4biPVwG+zN/QveRJD7Az6C3Tp28Eux ThVPl//JqvmrCL6jrURNRNhkMC5kLWLeFYbfrBFFyNEvjkekY9N+61m41rJSjuyho8uX 3Uxqd1ElI/MHUCPGoAg7aa8GIl7oN3l6ySEEL5Ttl4tdN4qq2Zhn+6DgZVn1YcZb34AM Y/Ew== X-Gm-Message-State: AOAM531+vaa/31lBT3KkrAhVDqSwSefRUiVgXotiDI3Y95T/8LQB2O6D ooPvZ2vv3slwKpDYOTcXxcvw3o8elRmoHQ== X-Google-Smtp-Source: ABdhPJywx5x2IOdUo5TT6NVyYNt3s6y7U3TMMKnpylc0agvmjoZ/PBxTFj3c4JC8uGZlTzAezeuftg== X-Received: by 2002:aa7:db95:: with SMTP id u21mr622293edt.152.1616547243498; Tue, 23 Mar 2021 17:54:03 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc08960.dynamic.kabel-deutschland.de. [188.192.137.96]) by smtp.gmail.com with ESMTPSA id m9sm162512ejo.65.2021.03.23.17.54.01 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Mar 2021 17:54:02 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Wed, 24 Mar 2021 01:53:52 +0100 Message-Id: <20210324005354.1688230-1-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.27.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 1/3] avformat/utils: Remove redundant check X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" This check is outdated because the caller doesn't need to check that the multiplication overflows when using av_realloc_array() (the code in question used av_realloc() before that); furthermore, the check is also a remnant of the time in which our allocation functions didn't use size_t parameters. Signed-off-by: Andreas Rheinhardt --- It would btw make more sense for AVFormatContext.max_streams to be unsigned. libavformat/utils.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/libavformat/utils.c b/libavformat/utils.c index 524765aeb4..88f6f18f1f 100644 --- a/libavformat/utils.c +++ b/libavformat/utils.c @@ -4493,9 +4493,10 @@ AVStream *avformat_new_stream(AVFormatContext *s, const AVCodec *c) int i; AVStream **streams; - if (s->nb_streams >= FFMIN(s->max_streams, INT_MAX/sizeof(*streams))) { - if (s->max_streams < INT_MAX/sizeof(*streams)) - av_log(s, AV_LOG_ERROR, "Number of streams exceeds max_streams parameter (%d), see the documentation if you wish to increase it\n", s->max_streams); + if (s->nb_streams >= s->max_streams) { + av_log(s, AV_LOG_ERROR, "Number of streams exceeds max_streams parameter" + " (%d), see the documentation if you wish to increase it\n", + s->max_streams); return NULL; } streams = av_realloc_array(s->streams, s->nb_streams + 1, sizeof(*streams)); From patchwork Wed Mar 24 00:53:53 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26580 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 3CF4A448F52 for ; Wed, 24 Mar 2021 02:54:30 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 2198D68AAD0; Wed, 24 Mar 2021 02:54:30 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ej1-f53.google.com (mail-ej1-f53.google.com [209.85.218.53]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9DF8868A936 for ; Wed, 24 Mar 2021 02:54:23 +0200 (EET) Received: by mail-ej1-f53.google.com with SMTP id kt15so20616994ejb.12 for ; Tue, 23 Mar 2021 17:54:23 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=Z70ygljNL+927JbvTkx/NTZuEzG5LCZEZOBedNFy+pk=; b=QxCpOdu/xhyyOZNSJ3oVMZMmr+OtwtoU6twmfgRWv02IFGusBuzyHn3cYDn/rJzshN SMJbFOOXw5lx6/GjBK7WxVBT+bSTsZdKDZdhklghm99ziqAi9poyjX/b+df3ldeAqpNa a76VELVewW8odkq6ClsS7JNymW9/FKTVhWGMHQuXkmEpXWhd34RhCJIlDozvItucQ/Lb xvkAJ4P0nFJ6rDsDrRVb2Awqao3r5xJ+hI0ntc3d61oGZ6LAqk9sOtHhX5SqM7TQraFn tFaVM2xwaLbMSvLRzVd1icg+wWD+r12nTgiJrVZN6AZQ5RYHE725fzVYJ9LLUW4WD0sB c13Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=Z70ygljNL+927JbvTkx/NTZuEzG5LCZEZOBedNFy+pk=; b=S52yTyze6uieabDAFn2Ma5LSi5sDkHdXV9NTeZmq2nyG9DeTo1NpjXhS5Man67DOxr aSQ/7BARRzB0LVEbwkIwL0L+K4DgcXFv2GayhkxP3L8FX0CueLM8X0rH+LQWw56ZSV+/ OYbrEOw/NrUXV1orUqyMDcaikE4UcbSmLAM497YpvQrGCGs6GsAuaxa/jWafYOktX8Q/ FUEXgjddnZxUutZihOdPvUxUgXHcxADSqSD/XkDO3w3ADd5E02WFSM8Wt2m51z020gRo oPQeBfHCl/AYKIUOmmd2UTRntTBkJtaRhAnbYuEHs0q0VSqp0GuBKPKtJAtNjMmll0Oj nPoA== X-Gm-Message-State: AOAM533Ee9krvyDYZqSa5ASB0z9smUlJIG10GBZUvq78VInr5n3tYThC +RV3x5JfWg9GOwp9molkV0tIcuxrNCuUmw== X-Google-Smtp-Source: ABdhPJx2v6Rmqf/d1amdAuDv43rRH3Y9pVJpxTI9joVRhxcEP7OOuqTpihIv2F7BX2975V344mtMOg== X-Received: by 2002:a17:906:3d62:: with SMTP id r2mr868683ejf.488.1616547262892; Tue, 23 Mar 2021 17:54:22 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc08960.dynamic.kabel-deutschland.de. [188.192.137.96]) by smtp.gmail.com with ESMTPSA id m9sm162512ejo.65.2021.03.23.17.54.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Mar 2021 17:54:22 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Wed, 24 Mar 2021 01:53:53 +0100 Message-Id: <20210324005354.1688230-2-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210324005354.1688230-1-andreas.rheinhardt@gmail.com> References: <20210324005354.1688230-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 2/3] avformat/segafilm: Remove outdated check X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The check has been added at a time when the code performed the multiplication itself instead of deferring it to av_malloc_array() and when our allocation functions used unsigned instead of size_t. Signed-off-by: Andreas Rheinhardt --- libavformat/segafilm.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libavformat/segafilm.c b/libavformat/segafilm.c index 1225227138..675de00ed2 100644 --- a/libavformat/segafilm.c +++ b/libavformat/segafilm.c @@ -201,8 +201,6 @@ static int film_read_header(AVFormatContext *s) return AVERROR_INVALIDDATA; film->base_clock = AV_RB32(&scratch[8]); film->sample_count = AV_RB32(&scratch[12]); - if(film->sample_count >= UINT_MAX / sizeof(film_sample)) - return -1; film->sample_table = av_malloc_array(film->sample_count, sizeof(film_sample)); if (!film->sample_table) return AVERROR(ENOMEM); From patchwork Wed Mar 24 00:53:54 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andreas Rheinhardt X-Patchwork-Id: 26581 Return-Path: X-Original-To: patchwork@ffaux-bg.ffmpeg.org Delivered-To: patchwork@ffaux-bg.ffmpeg.org Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by ffaux.localdomain (Postfix) with ESMTP id 36EFB448F52 for ; Wed, 24 Mar 2021 02:54:31 +0200 (EET) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1CBB668AB27; Wed, 24 Mar 2021 02:54:31 +0200 (EET) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 54F2868A936 for ; Wed, 24 Mar 2021 02:54:24 +0200 (EET) Received: by mail-ej1-f49.google.com with SMTP id k10so30127114ejg.0 for ; Tue, 23 Mar 2021 17:54:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=1CLV4VForBD6yiJ/g2EF5vRQ/VdohmZThFgZanch730=; b=WQa+25lIkyIVyTZFvt5IAH4c+MSTGQzYI2YASBrx4cNXIwHS7pEd1VwLcqnZg3HTVb ChHWgm7Zung8kPhzLjYK3/eFxF46spI9t5gHZL3daKWdko0YwH48ZcHxNU2/FWIzR1UZ FkNzg9BEchGfHIT6RGVRIqexUzs76BP+67qBWMG7yVGkmK7e+x0zBjwJzzb98ucZl/Mm TEkIhziFigvGDT1y6anajWbC/A7XlHX0HCLxJnbb1AbXpavUZg9U+yA/v4FLM5yCDWaQ MxZ5Wrz39xcfESjYyqw2GP5BfABW9P8tRACUH2soatLyAhTLu01OoW7W71NUJUgHL6dR N5Xg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=1CLV4VForBD6yiJ/g2EF5vRQ/VdohmZThFgZanch730=; b=m7pb0xNM4WHDN/W+jA58cs3vr4iI2hDIra5A4vaHAClFmZ6DToFQEigadgmgUPz5F0 yF/kMMkEvFW5xOPc8ZYw4bJEXHT7nFwGp+r3N1TKBXGpxfHzCNzE0uP/4LZr6VrDeUF6 U/SqmwjQCP3oyV/5buv0h5qVjyRBS8amHbIW2ZAAq4moyxObbZ+aScnmliQ1WolBzqJ7 SrKsnZzpGpR0JfYccm5urNoXsPL1gLYzclRCmMoxmCNb/E7nzRPM/KoOQj/EdT/Q3u/y H/ak6f5MXLuP3syNC6f5ejSZpE2d6DAWcVyahtT10Y0yBhYG/ISNrQQCytkqp9Qc2C/G O1DA== X-Gm-Message-State: AOAM532dcuXDqYz1YE3eLFbRcn4rZR9RJVIBkoeVtBt9ZQmPpEpIfxiM mMfqxGQPsIPXg23XSCcqJl1roK/VfUb8RQ== X-Google-Smtp-Source: ABdhPJzN6SCIal+bXqkc45GdPdgkiex1uhJf4TNi0d1lquVv+1U3V/xPH40XCAxg1hxMAa+DJYBE2A== X-Received: by 2002:a17:906:354a:: with SMTP id s10mr878068eja.21.1616547263690; Tue, 23 Mar 2021 17:54:23 -0700 (PDT) Received: from sblaptop.fritz.box (ipbcc08960.dynamic.kabel-deutschland.de. [188.192.137.96]) by smtp.gmail.com with ESMTPSA id m9sm162512ejo.65.2021.03.23.17.54.22 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 23 Mar 2021 17:54:23 -0700 (PDT) From: Andreas Rheinhardt To: ffmpeg-devel@ffmpeg.org Date: Wed, 24 Mar 2021 01:53:54 +0100 Message-Id: <20210324005354.1688230-3-andreas.rheinhardt@gmail.com> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20210324005354.1688230-1-andreas.rheinhardt@gmail.com> References: <20210324005354.1688230-1-andreas.rheinhardt@gmail.com> MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH 3/3] avformat/sierravmd: Remove outdated check X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Andreas Rheinhardt Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" The check has been added at a time when the code performed the multiplication itself instead of deferring it to av_malloc_array() and when our allocation functions used unsigned instead of size_t. Signed-off-by: Andreas Rheinhardt --- libavformat/sierravmd.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/libavformat/sierravmd.c b/libavformat/sierravmd.c index 40bcb77986..11a883614f 100644 --- a/libavformat/sierravmd.c +++ b/libavformat/sierravmd.c @@ -186,10 +186,6 @@ static int vmd_read_header(AVFormatContext *s) vmd->frame_table = NULL; sound_buffers = AV_RL16(&vmd->vmd_header[808]); raw_frame_table_size = vmd->frame_count * 6; - if(vmd->frame_count * vmd->frames_per_block >= UINT_MAX / sizeof(vmd_frame) - sound_buffers){ - av_log(s, AV_LOG_ERROR, "vmd->frame_count * vmd->frames_per_block too large\n"); - return -1; - } raw_frame_table = av_malloc(raw_frame_table_size); vmd->frame_table = av_malloc_array(vmd->frame_count * vmd->frames_per_block + sound_buffers, sizeof(vmd_frame)); if (!raw_frame_table || !vmd->frame_table) {