[FFmpeg-devel] [PATCH] avcodec/tiff: Fix integer overflows in left shift in init_image()
Michael Niedermayer
michael at niedermayer.cc
Tue Nov 27 03:50:17 EET 2018
On Mon, Nov 26, 2018 at 12:08:27PM +0100, Tomas Härdin wrote:
> mån 2018-11-26 klockan 02:57 +0100 skrev Michael Niedermayer:
> > Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
> > Fixes: 11377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5694319101476864
> >
> > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> > libavcodec/tiff.c | 12 ++++++------
> > 1 file changed, 6 insertions(+), 6 deletions(-)
> >
> > diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
> > index 6271c937c3..751f23ef33 100644
> > --- a/libavcodec/tiff.c
> > +++ b/libavcodec/tiff.c
> > @@ -706,7 +706,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
> > s->avctx->pix_fmt = s->palette_is_set ? AV_PIX_FMT_PAL8 : AV_PIX_FMT_GRAY8;
> > break;
> > case 10081:
> > - switch (s->pattern[0] | (s->pattern[1] << 8) | (s->pattern[2] << 16) | (s->pattern[3] << 24)) {
> > + switch (AV_RL32(s->pattern)) {
> > case 0x02010100:
> > s->avctx->pix_fmt = AV_PIX_FMT_BAYER_RGGB8;
> > break;
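
Review bot: AV_RL32(s->pattern) in the case 10081 switch reads four consecutive bytes through a pointer, whereas the removed expression combined the values of elements 0 to 3, so the two are only equivalent if pattern is an array of at least four 8-bit elements. The declaration is not part of this diff; please confirm it and consider saying so in the commit message, since a wider element type would silently change which case labels match.
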
> > @@ -721,12 +721,12 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
> > break;
> > default:
> > av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
> > - s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24);
> > + AV_RL32(s->pattern));
> > return AVERROR_PATCHWELCOME;
> > }
> > break;
> > case 10121:
> > - switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24) {
> > + switch (AV_RL32(s->pattern)) {
> > case 0x02010100:
> > s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : AV_PIX_FMT_BAYER_RGGB16BE;
> > break;
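
Review bot: the pattern value is now read twice in each case block, once in the switch (case 10121 here) and again in the av_log() call in the default arm above it. Reading it once into a local unsigned variable ahead of the outer switch and using that in both places would guarantee the logged value is the one that was matched, and would shorten every line this patch touches.
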
> > @@ -741,12 +741,12 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
> > break;
> > default:
> > av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
> > - s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24);
> > + AV_RL32(s->pattern));
> > return AVERROR_PATCHWELCOME;
> > }
> > break;
> > case 10161:
> > - switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24) {
> > + switch (AV_RL32(s->pattern)) {
> > case 0x02010100:
> > s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : AV_PIX_FMT_BAYER_RGGB16BE;
> > break;
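
Review bot: the case 10161 block is, as far as these context lines show, the same as the case 10121 block: the same switch expression, the same 0x02010100 arm selecting AV_PIX_FMT_BAYER_RGGB16LE or AV_PIX_FMT_BAYER_RGGB16BE, and the same error message. If the arms outside the visible context match as well, stacking the two labels on one block would leave a single copy of this expression to keep correct instead of two.
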
> > @@ -761,7 +761,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
> > break;
> > default:
> > av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
> > - s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | s->pattern[3] << 24);
> > + AV_RL32(s->pattern));
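
Review bot: the "0x%X" format in this av_log() call prints without zero padding, so a pattern whose top byte is zero is logged with fewer than eight hex digits and is harder to compare against the eight-digit case labels used in this function (0x02010100). Since the line is being touched anyway, "0x%08X" would make unsupported patterns easier to triage from a bug report; the same applies to the two identical log lines in the earlier hunks.
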
>
> This is much nicer :)
will apply
thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Frequently ignored answer#1 FFmpeg bugs should be sent to our bugtracker. User
questions about the command line tools should be sent to the ffmpeg-user ML.
And questions about how to use libav* should be sent to the libav-user ML.