[FFmpeg-devel] [PATCH 2/4] Implement ocv_dilate libopencv filter wrapper.
Stefano Sabatini
stefano.sabatini-lala
Mon Nov 15 15:34:28 CET 2010
On date Friday 2010-11-12 23:10:08 +0100, Michael Niedermayer encoded:
> On Wed, Nov 10, 2010 at 11:14:43PM +0100, Stefano Sabatini wrote:
> > On date Saturday 2010-10-30 12:58:09 +0200, Michael Niedermayer encoded:
> > > On Sun, Oct 10, 2010 at 06:50:00PM +0200, Stefano Sabatini wrote:
> > [...]
> > > > vf_libopencv.c | 131 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > > > 1 file changed, 131 insertions(+)
> > > > 203ad47ad53a8be3e06fbad25345db7e34c2296c 0002-Add-dilate-libopencv-filter.patch
> > > > From c182720ef3042269cb580f4bc1cd3d27a396ddcf Mon Sep 17 00:00:00 2001
> > > > From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> > > > Date: Sat, 2 Oct 2010 17:03:38 +0200
> > > > Subject: [PATCH 2/3] Add dilate libopencv filter.
> > > >
> > > > ---
> > > > libavfilter/vf_libopencv.c | 131 ++++++++++++++++++++++++++++++++++++++++++++
> > > > 1 files changed, 131 insertions(+), 0 deletions(-)
> > > >
> > > > diff --git a/libavfilter/vf_libopencv.c b/libavfilter/vf_libopencv.c
> > > > index 0e3da4d..4f787ad 100644
> > > > --- a/libavfilter/vf_libopencv.c
> > > > +++ b/libavfilter/vf_libopencv.c
> > > > @@ -127,6 +127,136 @@ static void smooth_end_frame_filter(AVFilterContext *ctx, IplImage *inimg, IplIm
> > > > cvSmooth(inimg, outimg, smooth->type, smooth->param1, smooth->param2, smooth->param3, smooth->param4);
> > > > }
> > > >
> > >
> > > > +static int read_shape_from_file(int *cols, int *rows, int **values, const char *filename, void *log_ctx)
> > > > +{
> > > > + char *p, *buf;
> > > > + size_t size;
> > > > + int i, j, w;
> > > > + FILE *f = fopen(filename, "rb");
> > >
> > > Should use URLProtocol
> >
> > I don't want to add a dependency on libavformat just for reading a
> > file.
>
> i see your point, so if you prefer it that way ...
>
> [...]
> > vf_libopencv.c | 158 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > 1 file changed, 158 insertions(+)
> > 7c4456cf4858535dfde85b4515ae3e06e33fd518 0002-Add-dilate-libopencv-filter.patch
> > From 2d1ca6f015b6cc7f5c5c5994443b86039bbb7737 Mon Sep 17 00:00:00 2001
> > From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> > Date: Sat, 2 Oct 2010 17:03:38 +0200
> > Subject: [PATCH 2/4] Add dilate libopencv filter.
> >
> > ---
> > libavfilter/vf_libopencv.c | 158 ++++++++++++++++++++++++++++++++++++++++++++
> > 1 files changed, 158 insertions(+), 0 deletions(-)
> >
> > diff --git a/libavfilter/vf_libopencv.c b/libavfilter/vf_libopencv.c
> > index 0e3da4d..48e9dc2 100644
> > --- a/libavfilter/vf_libopencv.c
> > +++ b/libavfilter/vf_libopencv.c
> > @@ -23,6 +23,8 @@
> > * libopencv wrapper functions
> > */
> >
> > +/* #define DEBUG */
> > +
> > #include <opencv/cv.h>
> > #include <opencv/cxtypes.h>
> > #include "avfilter.h"
> > @@ -127,6 +129,161 @@ static void smooth_end_frame_filter(AVFilterContext *ctx, IplImage *inimg, IplIm
> > cvSmooth(inimg, outimg, smooth->type, smooth->param1, smooth->param2, smooth->param3, smooth->param4);
> > }
> >
> > +static int read_shape_from_file(int *cols, int *rows, int **values, const char *filename, void *log_ctx)
> > +{
> > + char *p, *buf;
> > + size_t size;
> > + int i, j, w;
> > + FILE *file = fopen(filename, "rb");
> > +
> > + *cols = *rows = 0;
> > +
> > + if (!file) {
> > + av_log(log_ctx, AV_LOG_ERROR, "Cannot read file '%s': %s\n", filename, strerror(errno));
> > + return AVERROR(errno);
> > + }
>
> > + fseek(file, 0, SEEK_END);
> > + size = ftell(file);
> > + fseek(file, 0, SEEK_SET);
>
> we probably want this av_fsize() in libavutil
>
>
> > + buf = av_malloc(size + 1);
> > + if (!buf) {
> > + fclose(file);
> > + return AVERROR(ENOMEM);
> > + }
> > + fread(buf, 1, size, file);
>
> this looks exploitable or will at least crash
I don't know what you're talking about. Note that this is the same
code as cmdutils.c:read_file.
> > + buf[size++] = 0;
> > + fclose(file);
> > +
> > + /* prescan file to get the number of lines and the maximum width */
> > + w = 0;
> > + for (i = 0; i < size; i++) {
> > + if (buf[i] == '\n') {
> > + if (++(*rows) <= 0) {
> > + av_log(log_ctx, AV_LOG_ERROR, "Overflow on the number of rows in the file\n");
> > + return AVERROR(EINVAL);
> > + }
> > + *cols = FFMAX(*cols, w);
> > + w = 0;
> > + } else if (++w <= 0) {
> > + av_log(log_ctx, AV_LOG_ERROR, "Overflow on the number of columns in the file\n");
> > + return AVERROR(EINVAL);
> > + }
>
> these tests are useless: signed overflow is undefined, so any good compiler should
> remove these tests, and you still get the overflow and whatever happens without
> them triggering
Is:
if (*rows == INT_MAX) {
av_log(log_ctx, AV_LOG_ERROR, "Overflow on the number of rows in the file\n");
return AVERROR(EINVAL);
}
++(*rows);
OK?
[...]
> > + if (*rows > sizeof(int) * INT_MAX / *cols) {
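Review bot: Both early returns inside the prescan loop (`return AVERROR(EINVAL);` after the row and column overflow messages) leave `buf` allocated, because the only cleanup before them is `fclose(file)`; each needs an `av_free(buf);` first. The loop index `i` is an `int` compared against the `size_t size`, so for a file larger than INT_MAX bytes `i++` itself overflows before the loop can end; declaring the index as `size_t`, or rejecting oversized files before the scan, avoids that. The division by `*cols` in the last quoted line is a division by zero for a file that contains no non-empty line terminated by a newline, unless the elided lines before it already reject `*cols == 0`. The body of read_shape_from_file continues beyond the quoted part of the hunk.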
>
> 4*INT_MAX
> is this a joke?
changed to something saner:
if (*rows > (INT_MAX / (sizeof(int)) / *cols)) {
av_log(log_ctx, AV_LOG_ERROR, "File with size %dx%d is too big\n",
*rows, *cols);
return AVERROR_INVALIDDATA;
}
if (!(*values = av_mallocz(sizeof(int) * *rows * *cols)))
...
[...]
--
FFmpeg = Formidable and Fanciful MultiPurpose Extreme Guru