On Tue, Jul 09, 2024 at 03:28:10PM +0200, Michael Niedermayer wrote: > On Tue, Jul 09, 2024 at 03:17:58PM +0200, Anton Khirnov wrote: > > > ensure width and height fit in 32bit > > > > why? > > because not everyone wants undefined behavior > because not everyone wants security issues > because we dont support width and height > 32bit and its easier to check in a > central place > because the changed codes purpose is to check if the image paramaters are > within what we support, and width of 100 billion is not. You can try > all encoders with 100billion width. Then try to decode. > Iam curious, how many work, how many fail and how they fail > how many invalid bitstreams with no warning, how many undefined > behaviors, ... > > Simply building FFmpeg on a platform with 64bit ints doesnt update > ISO and ITU standards to allow larger values
but theres more :) if we allow 64bit width and height, every check on the pixel number just broke because w*(uint64_t)h just doesnt work anymore. a 64bit int isnt giving us a int128_t. So many checks related to width and height suddenly become more fragile as theres not a simply larger type thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB When you are offended at any man's fault, turn to yourself and study your own failings. Then you will forget your anger. -- Epictetus
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".