[FFmpeg-devel] [PATCH] gifdec: use truncated width for image manipulation
Christophe Gisquet
christophe.gisquet at gmail.com
Sun Aug 17 21:47:25 CEST 2014
Hi,
2014-08-17 20:39 GMT+02:00 Michael Niedermayer <michaelni at gmx.at>:
>> + if (width > s->screen_width) {
>> + av_log(s->avctx, AV_LOG_ERROR, "Invalid image width.\n");
>> + return AVERROR_INVALIDDATA;
>> + }
>> + if (left + width > s->screen_width) {
>> + /* width must be kept around to avoid lzw vs line desync */
>> + pw = s->screen_width - left;
>> + av_log(s->avctx, AV_LOG_WARNING, "Image too wide by %d, truncating.\n",
>> + left + width - s->screen_width);
>> + } else {
>> + pw = width;
>> + }
>> + if (top + height > s->screen_height) {
>> + /* we don't care about the extra invisible lines */
>> + av_log(s->avctx, AV_LOG_WARNING, "Image too high by %d, truncating.\n",
>> + top + height - s->screen_height);
>> + height = s->screen_height - top;
>> + }
>
> i think these need a check for top >= s->screen_height and
> left >= s->screen_width
Because of integer wraparound/overflow/... and/or values being
potentially negative? If yes, I don't think it can happen:
left = bytestream2_get_le16u(&s->gb);
top = bytestream2_get_le16u(&s->gb);
width = bytestream2_get_le16u(&s->gb);
height = bytestream2_get_le16u(&s->gb);
And the conditions are then already part of the new checks, right?
--
Christophe
More information about the ffmpeg-devel
mailing list