[FFmpeg-devel] [PATCH 1/2] avcodec: add mvdv video decoder

Tue Nov 26 19:45:29 EET 2019

Am Di., 26. Nov. 2019 um 10:53 Uhr schrieb Paul B Mahol <onemda at gmail.com>:
>
> On 11/25/19, Tomas Härdin <tjoppen at acc.umu.se> wrote:
> > mån 2019-11-25 klockan 22:09 +0100 skrev Paul B Mahol:
> >> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> >> +static int decode_mvdv(MidiVidContext *s, AVCodecContext *avctx, AVFrame
> >> *frame)
> >> +{
> >> +    GetByteContext *gb = &s->gb;
> >> +    GetBitContext mask;
> >> +    GetByteContext idx9;
> >> +    uint16_t nb_vectors, intra_flag;
> >> +    const uint8_t *vec;
> >> +    const uint8_t *mask_start;
> >> +    uint8_t *skip;
> >> +    int mask_size;
> >> +    int idx9bits = 0;
> >> +    int idx9val = 0;
> >> +    int num_blocks;
> >> +
> >> +    nb_vectors = bytestream2_get_le16(gb);
> >> +    intra_flag = bytestream2_get_le16(gb);
> >> +    if (intra_flag) {
> >> +        num_blocks = (avctx->width / 2) * (avctx->height / 2);
> >
> > Will UB if width*height/4 > INT_MAX
> >
> >> +    } else {
> >> +        int skip_linesize;
> >> +
> >> +        num_blocks = bytestream2_get_le32(gb);
> >
> > Might want to use uint32_t so this doesn't lead to weirdness on 32-bit
> >
> >> +        skip_linesize = avctx->width >> 1;
> >> +        mask_start = gb->buffer_start + bytestream2_tell(gb);
> >> +        mask_size = (avctx->width >> 5) * (avctx->height >> 2);
> >
> > This can also UB

> Nothing of this can actually happen.

Then you could add asserts (and cut your quotes).

Carl Eugen