PR #23158 opened by llyyr URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23158 Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/23158.patch
The options_table change is just something I noticed while messing with this code, I don't think there's any reason to cap it to INT_MAX. The lavc/get_buffer change is 1 out of 2 changes needed to decode a 34816x18432 RGBA PNG image, as long as -max_alloc is set to a sufficiently large value. The check is redundant with lavutil's max_alloc_size limits, there's no need to sidestep -max_alloc setting altogether to reject this allocation early. The other change needed to decode the aforementioned image in ffmpeg is relaxing the `stride*(h + 128ULL) >= INT_MAX` check in `av_image_check_size2`, but I'm unsure what the right way forward is. `av_image_check_size(2)` describes itself as `Check if [...] all bytes of a plane of an image [...] can be addressed with a signed int.` Relaxing the check will necessarily contradict this. I considered making av_image_check_size3 which doesn't have the same restriction as size2 but I'd prefer get opinions from maintainers first. >From 0669c03cfee85b6db4fb555a503de635882e22f4 Mon Sep 17 00:00:00 2001 From: llyyr <[email protected]> Date: Tue, 19 May 2026 23:10:06 +0530 Subject: [PATCH 1/2] avcodec/options_table: increase max_pixels upper bound to INT64_MAX The max_pixels option is stored as int64_t but its accepted range is capped at INT_MAX, preventing users from configuring larger limits. --- libavcodec/options_table.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/options_table.h b/libavcodec/options_table.h index 7f01909ae6..866e9493d5 100644 --- a/libavcodec/options_table.h +++ b/libavcodec/options_table.h @@ -395,7 +395,7 @@ static const AVOption avcodec_options[] = { {"codec_whitelist", "List of decoders that are allowed to be used", OFFSET(codec_whitelist), AV_OPT_TYPE_STRING, { .str = NULL }, 0, 0, A|V|S|D }, {"pixel_format", "set pixel format", OFFSET(pix_fmt), AV_OPT_TYPE_PIXEL_FMT, {.i64=AV_PIX_FMT_NONE}, -1, INT_MAX, 0 }, {"video_size", "set video size", OFFSET(width), AV_OPT_TYPE_IMAGE_SIZE, {.str=NULL}, 0, INT_MAX, 0 }, -{"max_pixels", "Maximum number of pixels", OFFSET(max_pixels), AV_OPT_TYPE_INT64, {.i64 = INT_MAX }, 0, INT_MAX, A|V|S|D|E }, +{"max_pixels", "Maximum number of pixels", OFFSET(max_pixels), AV_OPT_TYPE_INT64, {.i64 = INT_MAX }, 0, INT64_MAX, A|V|S|D|E }, {"max_samples", "Maximum number of samples", OFFSET(max_samples), AV_OPT_TYPE_INT64, {.i64 = INT_MAX }, 0, INT_MAX, A|D|E }, {"hwaccel_flags", NULL, OFFSET(hwaccel_flags), AV_OPT_TYPE_FLAGS, {.i64 = AV_HWACCEL_FLAG_IGNORE_LEVEL }, 0, UINT_MAX, V|D, .unit = "hwaccel_flags"}, {"ignore_level", "ignore level even if the codec level used is unknown or higher than the maximum supported level reported by the hardware driver", 0, AV_OPT_TYPE_CONST, { .i64 = AV_HWACCEL_FLAG_IGNORE_LEVEL }, INT_MIN, INT_MAX, V | D, .unit = "hwaccel_flags" }, -- 2.52.0 >From efd8b8cd697401bf5c5f6a9647e2d476bd44520a Mon Sep 17 00:00:00 2001 From: llyyr <[email protected]> Date: Tue, 19 May 2026 22:45:34 +0530 Subject: [PATCH 2/2] lavc/get_buffer: remove INT_MAX plane size restriction This restriction is redundant with lavutil's max_alloc_size limits and prevents allocating large image planes even when the configured allocation limit permits it. --- libavcodec/get_buffer.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/libavcodec/get_buffer.c b/libavcodec/get_buffer.c index b391adf24f..f1352c474d 100644 --- a/libavcodec/get_buffer.c +++ b/libavcodec/get_buffer.c @@ -115,10 +115,6 @@ static int update_frame_pool(AVCodecContext *avctx, AVFrame *frame) for (i = 0; i < 4; i++) { pool->linesize[i] = linesize[i]; if (size[i]) { - if (size[i] > INT_MAX - (16 + STRIDE_ALIGN - 1)) { - ret = AVERROR(EINVAL); - goto fail; - } pool->pools[i] = av_buffer_pool_init(size[i] + 16 + STRIDE_ALIGN - 1, CONFIG_MEMORY_POISONING ? NULL : -- 2.52.0 _______________________________________________ ffmpeg-devel mailing list -- [email protected] To unsubscribe send an email to [email protected]
