[FFmpeg-devel] [PATCH 2/8] png: Don't fail when a packet is larger than INT_MAX

wm4 nfxjfg at googlemail.com
Mon Mar 30 17:11:05 CEST 2015


On Mon, 30 Mar 2015 13:49:08 +0000
Donny Yang <work at kota.moe> wrote:

> On 30 March 2015 at 02:48, Michael Niedermayer <michaelni at gmx.at> wrote:
> 
> > On Sun, Mar 29, 2015 at 11:05:41AM +0000, Donny Yang wrote:
> > > Signed-off-by: Donny Yang <work at kota.moe>
> > > ---
> > >  libavcodec/pngenc.c | 2 --
> > >  1 file changed, 2 deletions(-)
> > >
> > > diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c
> > > index 3697dbb..bd3aae5 100644
> > > --- a/libavcodec/pngenc.c
> > > +++ b/libavcodec/pngenc.c
> > > @@ -373,8 +373,6 @@ static int encode_frame(AVCodecContext *avctx,
> > AVPacket *pkt,
> > >              enc_row_size +
> > >              12 * (((int64_t)enc_row_size + IOBUF_SIZE - 1) /
> > IOBUF_SIZE) // 12 * ceil(enc_row_size / IOBUF_SIZE)
> > >          );
> > > -    if (max_packet_size > INT_MAX)
> > > -        return AVERROR(ENOMEM);
> >
> > the check is neccessary to prevent potential integer overflows
> >
> 
> Doesn't ffmpeg support memory allocations of greater than 4 GiB?
> I thought it did because the memory allocation functions either accept an
> int64_t or size_t...

No. The codebase is so rotten, libavutil/mem.c even limits memory
allocations to INT_MAX. In your specific case the problem is that
AVPacket.size is an int.


More information about the ffmpeg-devel mailing list