[FFmpeg-devel] [PATCH] vp8: check for too large dimensions

Michael Niedermayer michaelni at gmx.at
Sun Jun 7 17:38:12 CEST 2015


On Sun, Jun 07, 2015 at 04:05:37PM +0200, Andreas Cadhalpun wrote:
> If the dimensions are too large, s->mb_width or s->mb_height can become
> too large, leading to an int16_t overflow of s->mv_max.{x,y}.
> 
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
>  libavcodec/vp8.c | 10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)



> 
> diff --git a/libavcodec/vp8.c b/libavcodec/vp8.c
> index dbba568..69cf138 100644
> --- a/libavcodec/vp8.c
> +++ b/libavcodec/vp8.c
> @@ -145,6 +145,8 @@ static VP8Frame *vp8_find_free_buffer(VP8Context *s)
>      return frame;
>  }
>  
> +#define MARGIN (16 << 2)
> +#define MAX_MB_SIZE (((INT16_MAX - MARGIN) >> 6) + 1)
>  static av_always_inline
>  int update_dimensions(VP8Context *s, int width, int height, int is_vp7)
>  {
> @@ -160,6 +162,13 @@ int update_dimensions(VP8Context *s, int width, int height, int is_vp7)
>              return ret;
>      }
>  
> +    if (s->avctx->coded_width  > MAX_MB_SIZE * 16 ||
> +        s->avctx->coded_height > MAX_MB_SIZE * 16) {
> +            av_log(s->avctx, AV_LOG_ERROR, "too large dimensions %dx%d\n",
> +                   s->avctx->coded_width, s->avctx->coded_height);
> +            return AVERROR_INVALIDDATA;

iam not sure this should be AVERROR_INVALIDDATA or PATCHWELCOME

but this patch or clamping the MV min/max to the 16bit range to avoid
overflows should be ok.

thanks

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Its not that you shouldnt use gotos but rather that you should write
readable code and code with gotos often but not always is less readable
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150607/89c497ae/attachment.asc>


More information about the ffmpeg-devel mailing list