[FFmpeg-devel] [PATCH] avcodec/jpeg2000dsp: Use unsigned to avoid overflow

Tomas Härdin git at haerdin.se
Tue Sep 27 11:07:20 EEST 2022


tis 2022-09-27 klockan 03:47 +0200 skrev Andreas Rheinhardt:
> Affected the jpeg2000dsp checkasm test.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at outlook.com>
> ---
>  libavcodec/jpeg2000dsp.c | 9 ++++-----
>  1 file changed, 4 insertions(+), 5 deletions(-)
> 
> diff --git a/libavcodec/jpeg2000dsp.c b/libavcodec/jpeg2000dsp.c
> index b61be3b72f..b1bff6d5b1 100644
> --- a/libavcodec/jpeg2000dsp.c
> +++ b/libavcodec/jpeg2000dsp.c
> @@ -76,14 +76,13 @@ static void ict_int(void *_src0, void *_src1,
> void *_src2, int csize)
>  
>  static void rct_int(void *_src0, void *_src1, void *_src2, int
> csize)
>  {
> -    int32_t *src0 = _src0, *src1 = _src1, *src2 = _src2;
> -    int32_t i0, i1, i2;
> +    uint32_t *src0 = _src0, *src1 = _src1, *src2 = _src2;
>      int i;
>  
>      for (i = 0; i < csize; i++) {
> -        i1 = *src0 - (*src2 + *src1 >> 2);
> -        i0 = i1 + *src2;
> -        i2 = i1 + *src1;
> +        uint32_t i1 = *src0 - ((int32_t)(*src2 + *src1) >> 2);

The addition could conceivably overflow. Also could just use / 4
instead of >> 2.

> +        int32_t i0 = i1 + *src2;
> +        int32_t i2 = i1 + *src1;

These could also overflow. And agian, not in typical use obviously
because this is for lossless, but for malicious files possibly.

/Tomas



More information about the ffmpeg-devel mailing list