[FFmpeg-devel] [PATCH 10/10] Add av_image_alloc() and use it in avfilter_default_get_video_buffer().

Michael Niedermayer michaelni
Sun Nov 14 20:22:06 CET 2010 

On Sun, Nov 14, 2010 at 12:26:40PM +0100, Stefano Sabatini wrote:
> On date Sunday 2010-11-14 01:02:00 +0100, Michael Niedermayer encoded:
> > On Tue, Nov 09, 2010 at 11:55:44PM +0100, Stefano Sabatini wrote:
> > > On date Saturday 2010-11-06 01:50:35 +0100, Stefano Sabatini encoded:
> > > > On date Friday 2010-11-05 15:17:41 +0100, Stefano Sabatini encoded:
> > > > > ---
> > > > >  libavcore/imgutils.c   |   25 +++++++++++++++++++++++++
> > > > >  libavcore/imgutils.h   |   11 +++++++++++
> > > > >  libavfilter/defaults.c |   16 ++--------------
> > > > >  3 files changed, 38 insertions(+), 14 deletions(-)
> > > > 
> > > > Update with some fixes.
> > > 
> > > New update + bonus patch.
> > > 
> > > BTW I wonder, should we deprecate the avpicture API?
> > > -- 
> > > FFmpeg = Frenzy Faithless Merciful Pitiless Extensive Guru
> > 
> > >  libavcore/imgutils.c   |   27 +++++++++++++++++++++++++++
> > >  libavcore/imgutils.h   |   11 +++++++++++
> > >  libavfilter/defaults.c |   17 +++--------------
> > >  3 files changed, 41 insertions(+), 14 deletions(-)
> > > 9eba9b12a7f2f0d74e973fc4ca94731405c83007  0004-Implement-av_image_alloc-and-use-it-in.patch
> > > From 7b9fc086117b9f4d7b308f070bd322dfd695b240 Mon Sep 17 00:00:00 2001
> > > From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> > > Date: Sun, 7 Nov 2010 16:51:50 +0100
> > > Subject: [PATCH 4/9] Implement av_image_alloc() and use it in
> > >  avfilter_default_get_video_buffer().
> > > 
> > > ---
> > >  libavcore/imgutils.c   |   27 +++++++++++++++++++++++++++
> > >  libavcore/imgutils.h   |   11 +++++++++++
> > >  libavfilter/defaults.c |   17 +++--------------
> > >  3 files changed, 41 insertions(+), 14 deletions(-)
> > > 
> > > diff --git a/libavcore/imgutils.c b/libavcore/imgutils.c
> > > index 554639f..a2c3c7d 100644
> > > --- a/libavcore/imgutils.c
> > > +++ b/libavcore/imgutils.c
> > > @@ -161,6 +161,33 @@ int ff_set_systematic_pal2(uint32_t pal[256], enum PixelFormat pix_fmt)
> > >      return 0;
> > >  }
> > >  
> > > +int av_image_alloc(uint8_t *pointers[4], int linesizes[4],
> > > +                   int w, int h, enum PixelFormat pix_fmt, int align)
> > > +{
> > > +    int i, ret;
> > > +    uint8_t *buf;
> > > +
> > > +    if ((ret = av_image_fill_linesizes(linesizes, pix_fmt, w)) < 0)
> > > +        return ret;
> > > +
> > > +    for (i = 0; i < 4; i++)
> > > +        linesizes[i] = FFALIGN(linesizes[i], align);
> > > +
> > > +    if ((ret = av_image_fill_pointers(pointers, pix_fmt, h, NULL, linesizes)) < 0)
> > > +        return ret;
> > 
> > av_image_fill_pointers() does not seem to check w/h being valid and thus may
> > be exploitable
> 
> Added av_image_check_size() check, I don't know if we should add to
> the function params a log_offset and log_ctx, or simply disable
> logging in all cases.
> 
> Also I see a function:
> int av_image_get_size(int linesizes[4], int w, int h, enum PixFmt pix_fmt, int align);
> 
> may be useful as well.
> -- 
> FFmpeg = Fascinating and Faithless Moronic Plastic Excellent Ghost

>  libavcore/imgutils.c   |   29 +++++++++++++++++++++++++++++
>  libavcore/imgutils.h   |   11 +++++++++++
>  libavfilter/defaults.c |   17 +++--------------
>  3 files changed, 43 insertions(+), 14 deletions(-)
> 7b6e0f3d7edb8b14b71429036913e6574b187fa8  0002-Implement-av_image_alloc-and-use-it-in.patch
> From 7f62492ee5a9ce930b37fd2f6d6e6d2dde2d8ccb Mon Sep 17 00:00:00 2001
> From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> Date: Sun, 7 Nov 2010 16:51:50 +0100
> Subject: [PATCH 2/7] Implement av_image_alloc() and use it in
>  avfilter_default_get_video_buffer().
> 
> ---
>  libavcore/imgutils.c   |   29 +++++++++++++++++++++++++++++
>  libavcore/imgutils.h   |   11 +++++++++++
>  libavfilter/defaults.c |   17 +++--------------
>  3 files changed, 43 insertions(+), 14 deletions(-)
> 
> diff --git a/libavcore/imgutils.c b/libavcore/imgutils.c
> index 554639f..3f7df7a 100644
> --- a/libavcore/imgutils.c
> +++ b/libavcore/imgutils.c
> @@ -161,6 +161,35 @@ int ff_set_systematic_pal2(uint32_t pal[256], enum PixelFormat pix_fmt)
>      return 0;
>  }
>  
> +int av_image_alloc(uint8_t *pointers[4], int linesizes[4],
> +                   int w, int h, enum PixelFormat pix_fmt, int align)
> +{
> +    int i, ret;
> +    uint8_t *buf;
> +
> +    if ((ret = av_image_check_size(w, h, 0, NULL)) < 0)
> +        return ret;

thats the wrong place to check,
av_image_fill_linesizes and av_image_fill_pointers still will fail if they are
used with too large w/h i think

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Dictatorship naturally arises out of democracy, and the most aggravated
form of tyranny and slavery out of the most extreme liberty. -- Plato
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20101114/0233c5f1/attachment.pgp>

More information about the ffmpeg-devel mailing list