[FFmpeg-devel] [PATCH 1/3] avcodec/ass: Faster ff_ass_add_rect()

Michael Niedermayer michael at niedermayer.cc
Mon Dec 20 18:48:29 EET 2021 

On Mon, Dec 20, 2021 at 01:39:47AM +0100, Andreas Rheinhardt wrote:
> Michael Niedermayer:
> > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > ---
> >  libavcodec/ass.c | 33 +++++++++++++++++++++++++++------
> >  libavcodec/ass.h |  7 +++++++
> >  2 files changed, 34 insertions(+), 6 deletions(-)
> > 
> > diff --git a/libavcodec/ass.c b/libavcodec/ass.c
> > index 725e4d42ba1..06714678722 100644
> > --- a/libavcodec/ass.c
> > +++ b/libavcodec/ass.c
> > @@ -114,17 +114,31 @@ char *ff_ass_get_dialog(int readorder, int layer, const char *style,
> >                         speaker ? speaker : "", text);
> >  }
> >  
> > -int ff_ass_add_rect(AVSubtitle *sub, const char *dialog,
> > +int ff_ass_add_rect2(AVSubtitle *sub, const char *dialog,
> >                      int readorder, int layer, const char *style,
> > -                    const char *speaker)
> > +                    const char *speaker, unsigned *nb_rect_allocated)
> >  {
> > -    AVSubtitleRect **rects, *rect;
> > +    AVSubtitleRect **rects = sub->rects, *rect;
> >      char *ass_str;
> > +    uint64_t new_nb = 0;
> >  
> > -    rects = av_realloc_array(sub->rects, sub->num_rects+1, sizeof(*sub->rects));
> > -    if (!rects)
> > +    if (sub->num_rects >= UINT_MAX)
> >          return AVERROR(ENOMEM);
> > -    sub->rects = rects;
> > +
> > +    if (nb_rect_allocated && *nb_rect_allocated <= sub->num_rects) {
> > +        new_nb = FFMIN(sub->num_rects + sub->num_rects/16LL + 1, UINT_MAX);
> 
> This presumes that unsigned is not 64bits itself; I have no problem with
> this, so LGTM from me. Others may disagree.

if unsigned is 64bit how would you exploit this ?

for this to overflow you would first need close to 2^64 successfully allocated
rectangles. Thats both alot of space and time.
I mean if every human on earth had a 32gb stick then all these together in a
single computer would not be enough to allow this to succeed

and that has to happen before the function is changed to the correct size_t
type as my previous patch did.

will post a new patch

thx


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20211220/b230447c/attachment.sig>

More information about the ffmpeg-devel mailing list