[FFmpeg-devel] [PATCH v1 2/3] avcodec/jpeg2000dec: add support for HTJ2K block decoding
Michael Niedermayer
michael at niedermayer.cc
Tue Apr 4 17:54:34 EEST 2023
On Mon, Apr 03, 2023 at 07:20:05PM +0300, Caleb Etemesi wrote:
> Hi
>
> On Mon, Apr 3, 2023 at 5:28 PM Michael Niedermayer <michael at niedermayer.cc>
> wrote:
>
> > On Sun, Apr 02, 2023 at 03:21:08PM -0700, Pierre-Anthony Lemieux wrote:
> > > On Sun, Apr 2, 2023 at 3:17 PM Michael Niedermayer
> > > <michael at niedermayer.cc> wrote:
> > > >
> > > > On Fri, Mar 31, 2023 at 08:29:40AM -0700, pal at sandflow.com wrote:
> > > > > From: caleb <etemesicaleb at gmail.com>
> > [...]
> > > > [...]
> > > > > +/**
> > > > > + * Drops bits from lower bits in the bit buffer. buf contains the
> > bit buffers.
> > > > > + * nbits is the number of bits to remove.
> > > > > + */
> > > > > +av_always_inline
> > > > > +static void jpeg2000_bitbuf_drop_bits_lsb(StateVars *buf, uint8_t
> > nbits)
> > > > > +{
> > > > > + if (buf->bits_left < nbits) {
> > > >
> > > > > + av_log(NULL, AV_LOG_ERROR, "Invalid bit read of %d, bits in
> > buffer are %d\n", nbits, buf->bits_left);
> > > > > + av_assert0(0);
> >
>
> This one is present to ensure for all test cases, we never overread bytes
But can a crafted input stream trigger an assert failure ?
If no then the assert is ok
If yes then its not ok, i mean a
"./ffmpeg -i /dev/random"
should not crash, it should provide the user with some error and teh code should
cleanly return not abort
I simply do not know if theres a check or something somewhere that ensures
this is ok and just a extra check (which is ok)
>
>
> > > >
> > > >
> > > > [...]
> > > > > +int
> > > > > +ff_jpeg2000_decode_htj2k(const Jpeg2000DecoderContext *s,
> > Jpeg2000CodingStyle *codsty, Jpeg2000T1Context *t1, Jpeg2000Cblk *cblk,
> > > > > + int width, int height, int magp, uint8_t
> > roi_shift)
> > > > > +{
> > > > > + uint8_t p0 = 0; // Number of placeholder passes
> > > > > + uint32_t Lcup; // Length of HT cleanup segment
> > > > > + uint32_t Lref; // Length of Refinement segment
> > > > > + uint32_t Scup; // HT cleanup segment suffix length
> > > > > + uint32_t Pcup; // HT cleanup segment prefix length
> > > > > +
> > > > > + uint8_t S_blk; // Number of skipped magnitude
> > bitplanes
> > > > > + uint8_t pLSB;
> > > > > +
> > > > > + uint8_t *Dcup; // Byte of an HT cleanup segment
> > > > > + uint8_t *Dref; // Byte of an HT refinement segment
> > > > > +
> > > > > + int z_blk; // Number of ht coding pass
> > > > > +
> > > > > + uint8_t empty_passes;
> > > > > +
> > > > > + StateVars mag_sgn; // Magnitude and Sign
> > > > > + StateVars mel; // Adaptive run-length coding
> > > > > + StateVars vlc; // Variable Length coding
> > > > > + StateVars sig_prop; // Significance propagation
> > > > > +
> > > > > + MelDecoderState mel_state;
> > > > > +
> > > > > + int ret;
> > > > > +
> > > > > + /* Temporary buffers */
> > > > > + int32_t *sample_buf;
> > > > > + uint8_t *block_states;
> > > > > +
> > > > > + int32_t n, val; // Post-processing
> > > > > +
> > > > > + int32_t M_b = magp;
> > > > > + av_assert0(width <= 1024U && height <= 1024U);
> > > > > + av_assert0(width * height <= 4096);
> > > > > + av_assert0(width * height > 0);
> > > >
> > > > Has this decoder been tested with some fuzzer ?
> > >
> > > Yes.
> >
> > ok
> >
> >
> > >
> > > > I see a bunch of asserts in it and i dont immedeatly see what would
> > prevent them from
> > > > triggering
> >
> > > maybe you can add comments to the asserts that explain why these are
> > > guranteed to be true thx
> >
> >
> These ones are to check code block constraints, the jpeg2000 spec limits
> code blocks to be between 2^2 and 2^10.
The spec isnt that important here. The important part is that our code checks
this, so no input can trigger the asserts.
I think we do check this, so i think the asserts are ok
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If you think the mosad wants you dead since a long time then you are either
wrong or dead since a long time.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20230404/45814777/attachment.sig>
More information about the ffmpeg-devel
mailing list