From patchwork Thu May 6 05:13:15 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tsutomu Seki X-Patchwork-Id: 27610 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a6b:6109:0:0:0:0:0 with SMTP id v9csp992895iob; Wed, 5 May 2021 22:39:00 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyZXC/oqXxBHjgZC2BzxLg7hsgMk3CiQ7qNukVm7WaQLfJ8qdbIhUN/iNxKj7g7ufVgMNlP X-Received: by 2002:a17:906:ecf4:: with SMTP id qt20mr2487250ejb.59.1620279539855; Wed, 05 May 2021 22:38:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1620279539; cv=none; d=google.com; s=arc-20160816; b=MuPUjAxpU/NaEjb6WaQyU8XdP54LDYVh52I40/yT8K0M8P1JmmtjOn3HzqjQ4PvCHz 1Vtgoc0TEIL24L8lZ50wtfhzzMHSSsp9J1aWc52D7+sM46bjkhe1ioAB+uHrhbCcEY+G hdLoZAXv9oxcYEwZ4+FVdYwkkHWMxli35lK8b73bf0mEPbNwcR8SKQO2nCQt46Mwopw8 EkZndk7cQu3z0zS4HSn1MgkDJIdCYvIn8GMcAoyvrQOob7/+amz58BJw5d8tSiQ75v7e GrJGzMs7dU9ka6NjO7DFWPRCCbIhu1dx6s61gtFSorPCdEfHt8U/Quu8dh+yRTXEsuFR 8OhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:reply-to:list-subscribe :list-help:list-post:list-archive:list-unsubscribe:list-id :precedence:subject:to:message-id:date:from:mime-version :dkim-signature:delivered-to; bh=RFqqHMyJHyco4mdPZvrA+08z/TqrlQVasgdefKswsFQ=; b=DkSLU1QGjjRPco+N/PgyeeVoTtaB9iiO+zA+i7YvTs68kOpwgLijLCi10/4+/Xenlx L61uVaEaV5TKXq7QMTKf5x48hWtwnbHGOb1Y/4unqtTpLk4XRqfrkGWAalJy+IfKrwEA Ans+LCLN8sm1DR/f50CEW2zkuC0f7LHyuvlVeewWPur4NOOCpwkJR9fp+B6+0h1/vmSv rbM+7VyROqfNxj7YP7ZF9ynH+Qau/zsKPQgcereABKFxJ2sqphwZ7pWksMQ6CJhORSN9 gX1lFl1ru7K58GJ7/2mYqDlefdL6JO9yEQh8q7MByVAUySfS0UA8tA64uiK6SVdTqoLk fNMA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=qAkxkRBa; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id v20si1380128edc.437.2021.05.05.22.38.59; Wed, 05 May 2021 22:38:59 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@gmail.com header.s=20161025 header.b=qAkxkRBa; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C5CF1680267; Thu, 6 May 2021 08:38:56 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mail-ot1-f47.google.com (mail-ot1-f47.google.com [209.85.210.47]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 55972680267 for ; Thu, 6 May 2021 08:38:50 +0300 (EEST) Received: by mail-ot1-f47.google.com with SMTP id g4-20020a9d6b040000b029029debbbb3ecso3892291otp.7 for ; Wed, 05 May 2021 22:38:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=dN4n5fe90CB+m2NCGnbhRUW5rjUnpL+SsAmG48yfuQc=; b=qAkxkRBaO9pWFYDhhvMbB8VYT53rom10uWSUcherGSVxB+3Sl2Tda7FfMDlXlunL2d 5/Ive6hPffNHb9dwObggG1IKAoTxldpKaWq0PjsA9RRid1zVLLSpHAlX6tSFfUCDidAh 3G2IL2IVE0yz+enBSaDSnGAs/+VFsehdbVy7kZwnMTYl3YXMXdHOiGWzdi2WeUwD0mjA t21TjhneGItaWZtIyJUTirfSr1mzSeIpICo26XgpuBza3PX9rt+KYHZ8Wwvza72Q6yPw LL8BUgeeAsg5lfF96mw24ubcypuQAXfvoJ1CnVgIWZpsMW44Z4CBEa/YMhbp0AvBp1Ti Qw0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=dN4n5fe90CB+m2NCGnbhRUW5rjUnpL+SsAmG48yfuQc=; b=Y3NsLoLaBKY/PqFfnI7BG7hwpWD3Cz/JlrI4z6C/HbQMBPvxGuzRoKY0jf1s9sjipU MdRJFhQtA7oegegxKjYwbeaiNKOv6pXNWx3WtqEWZ8Zg8YUeoS7l0L0GXSkSewUxmjfr A2d820DEmboRTvWR4T6YnjI1q/kxZzUjPXfv89ottwiUzlqiD9qZ+2xeYfyD4c/nKk3c aRG2Ds+kyuYFx6K2S6kHx47E0N8RvH5ycmBAordqjuTAY7Em1Evrkbk6A5m2wzdcIuTo KQJtoURrUX7kPOUtyn7gKJsdqn3lHP5r7F/AMA0A0HBh38obJMroUqk9I/FihdnTsoVE REMg== X-Gm-Message-State: AOAM5328VWUl6XAfeSoiv1w1NSRHIKnAgQbjoHmyPPXUGSy6IjKhcISr i1IIAjZlJGcbDjEItCS9NYF60evpjmaT1L1fBxVabyR+mm8= X-Received: by 2002:a05:6830:813:: with SMTP id r19mr1946218ots.224.1620278006329; Wed, 05 May 2021 22:13:26 -0700 (PDT) MIME-Version: 1.0 From: Tsutomu Seki Date: Thu, 6 May 2021 14:13:15 +0900 Message-ID: To: ffmpeg-devel@ffmpeg.org Subject: [FFmpeg-devel] [PATCH] avfilter/opencl: Fix program_opencl for source code larger than 64kB X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: GRHnkETykgTd avfilter/opencl: Fix program_opencl for source code larger than 64kB libavfilter/opencl.c:253: while (1) { rb = fread(src + pos, 1, len - pos - 1, file); if (rb == 0 && ferror(file)) { err = AVERROR(EIO); goto fail; } pos += rb; if (pos < len) break; len <<= 1; err = av_reallocp(&src, len); if (err < 0) goto fail; } In this code, the condition (pos < len) is always true and the rest of the OpenCL program code would not be read, while the maximum number of "rb" is "len - pos - 1", and then, the maximum number of the "pos" is "len - 1". Fixes: trac.ffmpeg.org/ticket/9217 --- libavfilter/opencl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) err = av_reallocp(&src, len); diff --git a/libavfilter/opencl.c b/libavfilter/opencl.c index 9c46cfdc09..8f05696e62 100644 --- a/libavfilter/opencl.c +++ b/libavfilter/opencl.c @@ -257,7 +257,7 @@ int ff_opencl_filter_load_program_from_file(AVFilterContext *avctx, goto fail; } pos += rb; - if (pos < len) + if (pos + 1 < len) break; len <<= 1;