[FFmpeg-devel] [PATCH] avutil/imgutils: av_image_check_size2() ensure width and height fit in 32bit

[Vittorio Giovara]

On Tue, Jul 9, 2024 at 1:44 PM Michael Niedermayer <michael at niedermayer.cc>
wrote:

> on "INT is 64bit" systems they may have been false
>
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavutil/imgutils.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavutil/imgutils.c b/libavutil/imgutils.c
> index d2463815637..b738cff37c2 100644
> --- a/libavutil/imgutils.c
> +++ b/libavutil/imgutils.c
> @@ -298,7 +298,7 @@ int av_image_check_size2(unsigned int w, unsigned int
> h, int64_t max_pixels, enu
>          stride = 8LL*w;
>      stride += 128*8;
>
> -    if ((int)w<=0 || (int)h<=0 || stride >= INT_MAX ||
> stride*(uint64_t)(h+128) >= INT_MAX) {
> +    if (w==0 || h==0 || w > INT32_MAX || h > INT32_MAX || stride >=
> INT_MAX || stride*(uint64_t)(h+128) >= INT_MAX) {
>          av_log(&imgutils, AV_LOG_ERROR, "Picture size %ux%u is
> invalid\n", w, h);
>          return AVERROR(EINVAL);
>      }


While changing this line, it would be nice to have an explanation on what
the conditions do - for example why is stride multiplied by height+128?
And why is stride checked against INT_MAX and w/h against INT32_MAX?
Thanks
Vittorio