[FFmpeg-devel] [PATCH 2/4] Implement ocv_dilate libopencv filter wrapper.

Michael Niedermayer michaelni
Fri Nov 12 23:10:08 CET 2010


On Wed, Nov 10, 2010 at 11:14:43PM +0100, Stefano Sabatini wrote:
> On date Saturday 2010-10-30 12:58:09 +0200, Michael Niedermayer encoded:
> > On Sun, Oct 10, 2010 at 06:50:00PM +0200, Stefano Sabatini wrote:
> [...]
> > >  vf_libopencv.c |  131 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > >  1 file changed, 131 insertions(+)
> > > 203ad47ad53a8be3e06fbad25345db7e34c2296c  0002-Add-dilate-libopencv-filter.patch
> > > From c182720ef3042269cb580f4bc1cd3d27a396ddcf Mon Sep 17 00:00:00 2001
> > > From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> > > Date: Sat, 2 Oct 2010 17:03:38 +0200
> > > Subject: [PATCH 2/3] Add dilate libopencv filter.
> > > 
> > > ---
> > >  libavfilter/vf_libopencv.c |  131 ++++++++++++++++++++++++++++++++++++++++++++
> > >  1 files changed, 131 insertions(+), 0 deletions(-)
> > > 
> > > diff --git a/libavfilter/vf_libopencv.c b/libavfilter/vf_libopencv.c
> > > index 0e3da4d..4f787ad 100644
> > > --- a/libavfilter/vf_libopencv.c
> > > +++ b/libavfilter/vf_libopencv.c
> > > @@ -127,6 +127,136 @@ static void smooth_end_frame_filter(AVFilterContext *ctx, IplImage *inimg, IplIm
> > >      cvSmooth(inimg, outimg, smooth->type, smooth->param1, smooth->param2, smooth->param3, smooth->param4);
> > >  }
> > >
> > 
> > > +static int read_shape_from_file(int *cols, int *rows, int **values, const char *filename, void *log_ctx)
> > > +{
> > > +    char *p, *buf;
> > > +    size_t size;
> > > +    int i, j, w;
> > > +    FILE *f = fopen(filename, "rb");
> > 
> > Should use URLProtocol
> 
> I don't want to add a dependency on libavformat just for reading a
> file.

I see your point, so if you prefer it that way ...

[...]
>  vf_libopencv.c |  158 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 158 insertions(+)
> 7c4456cf4858535dfde85b4515ae3e06e33fd518  0002-Add-dilate-libopencv-filter.patch
> From 2d1ca6f015b6cc7f5c5c5994443b86039bbb7737 Mon Sep 17 00:00:00 2001
> From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> Date: Sat, 2 Oct 2010 17:03:38 +0200
> Subject: [PATCH 2/4] Add dilate libopencv filter.
> 
> ---
>  libavfilter/vf_libopencv.c |  158 ++++++++++++++++++++++++++++++++++++++++++++
>  1 files changed, 158 insertions(+), 0 deletions(-)
> 
> diff --git a/libavfilter/vf_libopencv.c b/libavfilter/vf_libopencv.c
> index 0e3da4d..48e9dc2 100644
> --- a/libavfilter/vf_libopencv.c
> +++ b/libavfilter/vf_libopencv.c
> @@ -23,6 +23,8 @@
>   * libopencv wrapper functions
>   */
>  
> +/* #define DEBUG */
> +
>  #include <opencv/cv.h>
>  #include <opencv/cxtypes.h>
>  #include "avfilter.h"
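
Review bot: the commented-out "/* #define DEBUG */" added above the includes is a debugging switch unrelated to adding the dilate filter; drop it from this patch, or send it separately if the file's debug logging is meant to be toggled that way.
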
> @@ -127,6 +129,161 @@ static void smooth_end_frame_filter(AVFilterContext *ctx, IplImage *inimg, IplIm
>      cvSmooth(inimg, outimg, smooth->type, smooth->param1, smooth->param2, smooth->param3, smooth->param4);
>  }
>  
> +static int read_shape_from_file(int *cols, int *rows, int **values, const char *filename, void *log_ctx)
> +{
> +    char *p, *buf;
> +    size_t size;
> +    int i, j, w;
> +    FILE *file = fopen(filename, "rb");
> +
> +    *cols = *rows = 0;
> +
> +    if (!file) {
> +        av_log(log_ctx, AV_LOG_ERROR, "Cannot read file '%s': %s\n", filename, strerror(errno));
> +        return AVERROR(errno);
> +    }

> +    fseek(file, 0, SEEK_END);
> +    size = ftell(file);
> +    fseek(file, 0, SEEK_SET);

we probably want this av_fsize() in libavutil


> +    buf = av_malloc(size + 1);
> +    if (!buf) {
> +        fclose(file);
> +        return AVERROR(ENOMEM);
> +    }
> +    fread(buf, 1, size, file);

this looks exploitable or will at least crash


> +    buf[size++] = 0;
> +    fclose(file);
> +
> +    /* prescan file to get the number of lines and the maximum width */
> +    w = 0;
> +    for (i = 0; i < size; i++) {
> +        if (buf[i] == '\n') {
> +            if (++(*rows) <= 0) {
> +                av_log(log_ctx, AV_LOG_ERROR, "Overflow on the number of rows in the file\n");
> +                return AVERROR(EINVAL);
> +            }
> +            *cols = FFMAX(*cols, w);
> +            w = 0;
> +        } else if (++w <= 0) {
> +            av_log(log_ctx, AV_LOG_ERROR, "Overflow on the number of columns in the file\n");
> +            return AVERROR(EINVAL);
> +        }

these tests are useless; signed overflow is undefined. Any good compiler should
remove these tests, and you still get the overflow and whatever happens without
them triggering


> +    }
> +    if (*rows > sizeof(int) * INT_MAX / *cols) {
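
Review bot: the size check on the last line divides by *cols, which is still 0 when no non-empty line ends in a newline (an empty file, for example), so reject *rows == 0 or *cols == 0 before dividing. Earlier in the same hunk, both overflow branches return AVERROR(EINVAL) without av_free(buf), and the results of ftell() and fread() are used unchecked: a failed ftell() stored in the size_t makes size + 1 wrap to 0 before av_malloc().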

4*INT_MAX
is this a joke?

I'll review this once you have looked over it while being awake ;)

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Frequently ignored answer #1: FFmpeg bugs should be sent to our bugtracker. User
questions about the command line tools should be sent to the ffmpeg-user ML.
And questions about how to use libav* should be sent to the libav-user ML.
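
An added example, not code from the patch or from FFmpeg: one way to write the prescan so that the limit checks the review calls useless actually hold, by comparing before the increment instead of testing for wrap-around afterwards, and to bound the rows * cols allocation by dividing. The names checked_inc, prescan_shape and shape_bytes and the limit parameter are hypothetical; as in the patch, only newline-terminated lines are counted.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdint.h>

/* Increment *v only while it stays <= limit. The comparison runs BEFORE the
 * addition, so no signed overflow (undefined behaviour) can ever happen and
 * the compiler has no licence to drop the check. */
static int checked_inc(int *v, int limit)
{
    if (*v >= limit)
        return -1;
    ++*v;
    return 0;
}

/* Count newline-terminated rows and the widest row in buf.
 * limit is INT_MAX in real use; it is a parameter only so that this example's
 * rejection path can be exercised on small constructed inputs. */
static int prescan_shape(const char *buf, size_t len, int limit,
                         int *rows, int *cols)
{
    int w = 0;

    *rows = *cols = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\n') {
            if (checked_inc(rows, limit) < 0)
                return -ERANGE;
            if (w > *cols)
                *cols = w;
            w = 0;
        } else if (checked_inc(&w, limit) < 0) {
            return -ERANGE;
        }
    }
    /* An empty shape is rejected here, so later code never divides by 0. */
    return (*rows > 0 && *cols > 0) ? 0 : -EINVAL;
}

/* Bytes for rows * cols ints, or 0 if that does not fit in size_t. The bound
 * is divided instead of multiplying the operands, which cannot overflow. */
static size_t shape_bytes(int rows, int cols)
{
    if (rows <= 0 || cols <= 0 ||
        (size_t)rows > SIZE_MAX / sizeof(int) / (size_t)cols)
        return 0;
    return (size_t)rows * (size_t)cols * sizeof(int);
}
```
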