[FFmpeg-devel] [PATCH] avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit
Michael Niedermayer
michael at niedermayer.cc
Tue Jul 9 16:37:10 EEST 2024
On Tue, Jul 09, 2024 at 03:28:10PM +0200, Michael Niedermayer wrote:
> On Tue, Jul 09, 2024 at 03:17:58PM +0200, Anton Khirnov wrote:
> > > ensure width and height fit in 32bit
> >
> > why?
>
> because not everyone wants undefined behavior
> because not everyone wants security issues
> because we dont support width and height > 32bit and its easier to check in a central place
> because the changed codes purpose is to check if the image paramaters are
> within what we support, and width of 100 billion is not. You can try
> all encoders with 100billion width. Then try to decode.
> Iam curious, how many work, how many fail and how they fail
> how many invalid bitstreams with no warning, how many undefined behaviors, ...
>
> Simply building FFmpeg on a platform with 64bit ints doesnt update
> ISO and ITU standards to allow larger values
but theres more :)
if we allow 64bit width and height, every check on the pixel number just
broke because w*(uint64_t)h just doesnt work anymore.
a 64bit int isnt giving us a int128_t. So many checks related to width
and height suddenly become more fragile as theres not a simply larger type
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
When you are offended at any man's fault, turn to yourself and study your
own failings. Then you will forget your anger. -- Epictetus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240709/dad8122d/attachment.sig>
More information about the ffmpeg-devel
mailing list