[FFmpeg-devel] [RFC] ignore invalid user-supplied width/height
Reimar Döffinger
Reimar.Doeffinger
Thu Sep 2 21:14:04 CEST 2010
On Thu, Sep 02, 2010 at 11:04:22AM +0200, Michael Niedermayer wrote:
> On Tue, Aug 31, 2010 at 09:49:33PM +0200, Reimar Döffinger wrote:
> > most video codecs will figure out a width/height themselves or fail
> > if they can't.
> > So IMO it is better not to fail for invalid values in avcodec_open but
> > instead just ignore the values by using the "default" of 0.
> > Otherwise applications would have to manually check the values with
> > av_check_image_size if they want the video to remain playable even
> > if the container values were corrupted.
> > Any objections?
>
> yes, this change will leave invalid values in width/height and has a
> good chance that this may be exploitable with some decoder
Yes, that was quite silly.
Any other comment?
Index: libavcodec/utils.c
===================================================================
--- libavcodec/utils.c (revision 25017)
+++ libavcodec/utils.c (working copy)
@@ -485,10 +485,17 @@
else if(avctx->width && avctx->height)
avcodec_set_dimensions(avctx, avctx->width, avctx->height);
+ if ((avctx->coded_width || avctx->coded_height)
+ && av_check_image_size(avctx->coded_width, avctx->coded_height, 0, avctx) < 0) {
+ av_log(avctx, AV_LOG_WARNING, "ignoring invalid width/height values\n");
+ avctx->width =
+ avctx->height =
+ avctx->coded_width =
+ avctx->coded_height = 0;
+ }
+
#define SANE_NB_CHANNELS 128U
- if (((avctx->coded_width || avctx->coded_height)
- && av_check_image_size(avctx->coded_width, avctx->coded_height, 0, avctx))
- || avctx->channels > SANE_NB_CHANNELS) {
+ if (avctx->channels > SANE_NB_CHANNELS) {
ret = AVERROR(EINVAL);
goto free_and_end;
}
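Review bot: The new check is keyed only on coded_width/coded_height, so a caller-supplied width or height can still reach the decoder unvalidated. The `else if(avctx->width && avctx->height)` above calls avcodec_set_dimensions only when both are non-zero; if just one of them is set while the coded fields are 0, the `if ((avctx->coded_width || avctx->coded_height) ...` condition is false and that value stays in the context, which is the case the objection in this thread was about. Consider widening the condition so that any non-zero value among the four fields is validated, and zero all four when validation fails. Since avcodec_open would now warn instead of returning AVERROR(EINVAL) for bad dimensions, the changed behaviour should also be noted in the function's documentation, and the warning would be more useful if it printed the rejected values.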