[FFmpeg-devel] [PATCH 2/2] dnn_backend_native: check operand index
mypopy at gmail.com
mypopy at gmail.com
Tue Jun 16 09:17:35 EEST 2020
On Wed, Jun 10, 2020 at 10:04 PM Guo Yejun <yejun.guo at intel.com> wrote:
>
> it fixed the issue in https://trac.ffmpeg.org/ticket/8716
>
> Signed-off-by: Guo Yejun <yejun.guo at intel.com>
> ---
> libavfilter/dnn/dnn_backend_native.c | 6 +++++-
> libavfilter/dnn/dnn_backend_native_layer_conv2d.c | 7 ++++++-
> libavfilter/dnn/dnn_backend_native_layer_conv2d.h | 2 +-
> libavfilter/dnn/dnn_backend_native_layer_depth2space.c | 6 +++++-
> libavfilter/dnn/dnn_backend_native_layer_depth2space.h | 2 +-
> libavfilter/dnn/dnn_backend_native_layer_mathbinary.c | 12 +++++++++++-
> libavfilter/dnn/dnn_backend_native_layer_mathbinary.h | 2 +-
> libavfilter/dnn/dnn_backend_native_layer_mathunary.c | 6 +++++-
> libavfilter/dnn/dnn_backend_native_layer_mathunary.h | 2 +-
> libavfilter/dnn/dnn_backend_native_layer_maximum.c | 6 +++++-
> libavfilter/dnn/dnn_backend_native_layer_maximum.h | 2 +-
> libavfilter/dnn/dnn_backend_native_layer_pad.c | 6 +++++-
> libavfilter/dnn/dnn_backend_native_layer_pad.h | 2 +-
> libavfilter/dnn/dnn_backend_native_layers.h | 2 +-
> 14 files changed, 49 insertions(+), 14 deletions(-)
>
> diff --git a/libavfilter/dnn/dnn_backend_native.c b/libavfilter/dnn/dnn_backend_native.c
> index 12695a0..35236fc 100644
> --- a/libavfilter/dnn/dnn_backend_native.c
> +++ b/libavfilter/dnn/dnn_backend_native.c
> @@ -196,7 +196,7 @@ DNNModel *ff_dnn_load_model_native(const char *model_filename)
> }
>
> network->layers[layer].type = layer_type;
> - parsed_size = layer_funcs[layer_type].pf_load(&network->layers[layer], model_file_context, file_size);
> + parsed_size = layer_funcs[layer_type].pf_load(&network->layers[layer], model_file_context, file_size, network->operands_num);
> if (!parsed_size) {
> goto fail;
> }
> @@ -209,6 +209,10 @@ DNNModel *ff_dnn_load_model_native(const char *model_filename)
> int32_t operand_index = (int32_t)avio_rl32(model_file_context);
> dnn_size += 4;
>
> + if (operand_index >= network->operands_num) {
> + goto fail;
> + }
> +
I prefer
if (expr)
statements();
without the braces if only a single statement.
> oprd = &network->operands[operand_index];
> name_len = (int32_t)avio_rl32(model_file_context);
> dnn_size += 4;
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_conv2d.c b/libavfilter/dnn/dnn_backend_native_layer_conv2d.c
> index 7b29697..c05bb5e 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_conv2d.c
> +++ b/libavfilter/dnn/dnn_backend_native_layer_conv2d.c
> @@ -23,7 +23,7 @@
>
> #define CLAMP_TO_EDGE(x, w) ((x) < 0 ? 0 : ((x) >= (w) ? (w - 1) : (x)))
>
> -int dnn_load_layer_conv2d(Layer *layer, AVIOContext *model_file_context, int file_size)
> +int dnn_load_layer_conv2d(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num)
> {
> ConvolutionalParams *conv_params;
> int kernel_size;
> @@ -80,6 +80,11 @@ int dnn_load_layer_conv2d(Layer *layer, AVIOContext *model_file_context, int fil
> layer->input_operand_indexes[0] = (int32_t)avio_rl32(model_file_context);
> layer->output_operand_index = (int32_t)avio_rl32(model_file_context);
> dnn_size += 8;
> +
> + if (layer->input_operand_indexes[0] >= operands_num || layer->output_operand_index >= operands_num) {
> + return 0;
> + }
> +
> return dnn_size;
> }
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_conv2d.h b/libavfilter/dnn/dnn_backend_native_layer_conv2d.h
> index bf87264..eeb15fd 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_conv2d.h
> +++ b/libavfilter/dnn/dnn_backend_native_layer_conv2d.h
> @@ -36,7 +36,7 @@ typedef struct ConvolutionalParams{
> float *biases;
> } ConvolutionalParams;
>
> -int dnn_load_layer_conv2d(Layer *layer, AVIOContext *model_file_context, int file_size);
> +int dnn_load_layer_conv2d(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num);
> int dnn_execute_layer_conv2d(DnnOperand *operands, const int32_t *input_operand_indexes,
> int32_t output_operand_index, const void *parameters);
> #endif
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_depth2space.c b/libavfilter/dnn/dnn_backend_native_layer_depth2space.c
> index 7dab19d..324871c 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_depth2space.c
> +++ b/libavfilter/dnn/dnn_backend_native_layer_depth2space.c
> @@ -27,7 +27,7 @@
> #include "libavutil/avassert.h"
> #include "dnn_backend_native_layer_depth2space.h"
>
> -int dnn_load_layer_depth2space(Layer *layer, AVIOContext *model_file_context, int file_size)
> +int dnn_load_layer_depth2space(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num)
> {
> DepthToSpaceParams *params;
> int dnn_size = 0;
> @@ -42,6 +42,10 @@ int dnn_load_layer_depth2space(Layer *layer, AVIOContext *model_file_context, in
> dnn_size += 8;
> layer->params = params;
>
> + if (layer->input_operand_indexes[0] >= operands_num || layer->output_operand_index >= operands_num) {
> + return 0;
> + }
> +
> return dnn_size;
> }
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_depth2space.h b/libavfilter/dnn/dnn_backend_native_layer_depth2space.h
> index e5465f1..b2901e0 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_depth2space.h
> +++ b/libavfilter/dnn/dnn_backend_native_layer_depth2space.h
> @@ -34,7 +34,7 @@ typedef struct DepthToSpaceParams{
> int block_size;
> } DepthToSpaceParams;
>
> -int dnn_load_layer_depth2space(Layer *layer, AVIOContext *model_file_context, int file_size);
> +int dnn_load_layer_depth2space(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num);
> int dnn_execute_layer_depth2space(DnnOperand *operands, const int32_t *input_operand_indexes,
> int32_t output_operand_index, const void *parameters);
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_mathbinary.c b/libavfilter/dnn/dnn_backend_native_layer_mathbinary.c
> index edc389d..b239a20 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_mathbinary.c
> +++ b/libavfilter/dnn/dnn_backend_native_layer_mathbinary.c
> @@ -27,7 +27,7 @@
> #include "libavutil/avassert.h"
> #include "dnn_backend_native_layer_mathbinary.h"
>
> -int dnn_load_layer_math_binary(Layer *layer, AVIOContext *model_file_context, int file_size)
> +int dnn_load_layer_math_binary(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num)
> {
> DnnLayerMathBinaryParams *params;
> int dnn_size = 0;
> @@ -45,6 +45,9 @@ int dnn_load_layer_math_binary(Layer *layer, AVIOContext *model_file_context, in
> params->v = av_int2float(avio_rl32(model_file_context));
> } else {
> layer->input_operand_indexes[input_index] = (int32_t)avio_rl32(model_file_context);
> + if (layer->input_operand_indexes[input_index] >= operands_num) {
> + return 0;
> + }
> input_index++;
> }
> dnn_size += 4;
> @@ -55,6 +58,9 @@ int dnn_load_layer_math_binary(Layer *layer, AVIOContext *model_file_context, in
> params->v = av_int2float(avio_rl32(model_file_context));
> } else {
> layer->input_operand_indexes[input_index] = (int32_t)avio_rl32(model_file_context);
> + if (layer->input_operand_indexes[input_index] >= operands_num) {
> + return 0;
> + }
> input_index++;
> }
> dnn_size += 4;
> @@ -63,6 +69,10 @@ int dnn_load_layer_math_binary(Layer *layer, AVIOContext *model_file_context, in
> dnn_size += 4;
> layer->params = params;
>
> + if (layer->output_operand_index >= operands_num) {
> + return 0;
> + }
> +
> return dnn_size;
> }
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_mathbinary.h b/libavfilter/dnn/dnn_backend_native_layer_mathbinary.h
> index f3dbbeb..0acf3b0 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_mathbinary.h
> +++ b/libavfilter/dnn/dnn_backend_native_layer_mathbinary.h
> @@ -46,7 +46,7 @@ typedef struct DnnLayerMathBinaryParams{
> float v;
> } DnnLayerMathBinaryParams;
>
> -int dnn_load_layer_math_binary(Layer *layer, AVIOContext *model_file_context, int file_size);
> +int dnn_load_layer_math_binary(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num);
> int dnn_execute_layer_math_binary(DnnOperand *operands, const int32_t *input_operand_indexes,
> int32_t output_operand_index, const void *parameters);
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_mathunary.c b/libavfilter/dnn/dnn_backend_native_layer_mathunary.c
> index d65af15..0d3627f 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_mathunary.c
> +++ b/libavfilter/dnn/dnn_backend_native_layer_mathunary.c
> @@ -27,7 +27,7 @@
> #include "libavutil/avassert.h"
> #include "dnn_backend_native_layer_mathunary.h"
>
> -int dnn_load_layer_math_unary(Layer *layer, AVIOContext *model_file_context, int file_size)
> +int dnn_load_layer_math_unary(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num)
> {
> DnnLayerMathUnaryParams *params;
> int dnn_size = 0;
> @@ -42,6 +42,10 @@ int dnn_load_layer_math_unary(Layer *layer, AVIOContext *model_file_context, int
> layer->output_operand_index = (int32_t)avio_rl32(model_file_context);
> dnn_size += 8;
>
> + if (layer->input_operand_indexes[0] >= operands_num || layer->output_operand_index >= operands_num) {
> + return 0;
> + }
> +
> return dnn_size;
>
> }
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_mathunary.h b/libavfilter/dnn/dnn_backend_native_layer_mathunary.h
> index 4e44003..a9a8a0d 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_mathunary.h
> +++ b/libavfilter/dnn/dnn_backend_native_layer_mathunary.h
> @@ -38,7 +38,7 @@ typedef struct DnnLayerMathUnaryParams{
> DNNMathUnaryOperation un_op;
> } DnnLayerMathUnaryParams;
>
> -int dnn_load_layer_math_unary(Layer *layer, AVIOContext *model_file_context, int file_size);
> +int dnn_load_layer_math_unary(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num);
> int dnn_execute_layer_math_unary(DnnOperand *operands, const int32_t *input_operand_indexes,
> int32_t output_operand_index, const void *parameters);
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_maximum.c b/libavfilter/dnn/dnn_backend_native_layer_maximum.c
> index 19f0e8d..af16e08 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_maximum.c
> +++ b/libavfilter/dnn/dnn_backend_native_layer_maximum.c
> @@ -27,7 +27,7 @@
> #include "libavutil/avassert.h"
> #include "dnn_backend_native_layer_maximum.h"
>
> -int dnn_load_layer_maximum(Layer *layer, AVIOContext *model_file_context, int file_size)
> +int dnn_load_layer_maximum(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num)
> {
> DnnLayerMaximumParams *params;
> int dnn_size = 0;
> @@ -42,6 +42,10 @@ int dnn_load_layer_maximum(Layer *layer, AVIOContext *model_file_context, int fi
> layer->output_operand_index = (int32_t)avio_rl32(model_file_context);
> dnn_size += 8;
>
> + if (layer->input_operand_indexes[0] >= operands_num || layer->output_operand_index >= operands_num) {
> + return 0;
> + }
> +
> return dnn_size;
> }
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_maximum.h b/libavfilter/dnn/dnn_backend_native_layer_maximum.h
> index 601158b..c049c63 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_maximum.h
> +++ b/libavfilter/dnn/dnn_backend_native_layer_maximum.h
> @@ -37,7 +37,7 @@ typedef struct DnnLayerMaximumParams{
> }val;
> } DnnLayerMaximumParams;
>
> -int dnn_load_layer_maximum(Layer *layer, AVIOContext *model_file_context, int file_size);
> +int dnn_load_layer_maximum(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num);
> int dnn_execute_layer_maximum(DnnOperand *operands, const int32_t *input_operand_indexes,
> int32_t output_operand_index, const void *parameters);
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_pad.c b/libavfilter/dnn/dnn_backend_native_layer_pad.c
> index 8e5959b..dfbd204 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_pad.c
> +++ b/libavfilter/dnn/dnn_backend_native_layer_pad.c
> @@ -22,7 +22,7 @@
> #include "libavutil/avassert.h"
> #include "dnn_backend_native_layer_pad.h"
>
> -int dnn_load_layer_pad(Layer *layer, AVIOContext *model_file_context, int file_size)
> +int dnn_load_layer_pad(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num)
> {
> LayerPadParams *params;
> int dnn_size = 0;
> @@ -42,6 +42,10 @@ int dnn_load_layer_pad(Layer *layer, AVIOContext *model_file_context, int file_s
> dnn_size += 8;
> layer->params = params;
>
> + if (layer->input_operand_indexes[0] >= operands_num || layer->output_operand_index >= operands_num) {
> + return 0;
> + }
> +
> return dnn_size;
> }
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layer_pad.h b/libavfilter/dnn/dnn_backend_native_layer_pad.h
> index 936a9bd..18e05bd 100644
> --- a/libavfilter/dnn/dnn_backend_native_layer_pad.h
> +++ b/libavfilter/dnn/dnn_backend_native_layer_pad.h
> @@ -36,7 +36,7 @@ typedef struct LayerPadParams{
> float constant_values;
> } LayerPadParams;
>
> -int dnn_load_layer_pad(Layer *layer, AVIOContext *model_file_context, int file_size);
> +int dnn_load_layer_pad(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num);
> int dnn_execute_layer_pad(DnnOperand *operands, const int32_t *input_operand_indexes,
> int32_t output_operand_index, const void *parameters);
>
> diff --git a/libavfilter/dnn/dnn_backend_native_layers.h b/libavfilter/dnn/dnn_backend_native_layers.h
> index 2df0ce9..b696e9c 100644
> --- a/libavfilter/dnn/dnn_backend_native_layers.h
> +++ b/libavfilter/dnn/dnn_backend_native_layers.h
> @@ -26,7 +26,7 @@
>
> typedef int (*LAYER_EXEC_FUNC)(DnnOperand *operands, const int32_t *input_operand_indexes,
> int32_t output_operand_index, const void *parameters);
> -typedef int (*LAYER_LOAD_FUNC)(Layer *layer, AVIOContext *model_file_context, int file_size);
> +typedef int (*LAYER_LOAD_FUNC)(Layer *layer, AVIOContext *model_file_context, int file_size, int operands_num);
>
> typedef struct LayerFunc {
> LAYER_EXEC_FUNC pf_exec;
> --
> 2.7.4
>
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".
--
=======================================
Jun zhao/赵军
+++++++++++++++++++++++++++++++++++++++
More information about the ffmpeg-devel
mailing list