subject:"\[FFmpeg\-devel\] \[PATCH\] avcodec\/tiff\: Fix integer overflows in left shift in init

Re: [FFmpeg-devel] [PATCH] avcodec/tiff: Fix integer overflows in left shift in init_image()

2018-11-26 Thread Michael Niedermayer

On Mon, Nov 26, 2018 at 12:08:27PM +0100, Tomas Härdin wrote:
> mån 2018-11-26 klockan 02:57 +0100 skrev Michael Niedermayer:
> > Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
> > Fixes: 
> > 11377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5694319101476864
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer 
> > ---
> >  libavcodec/tiff.c | 12 ++--
> >  1 file changed, 6 insertions(+), 6 deletions(-)
> > 
> > diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
> > index 6271c937c3..751f23ef33 100644
> > --- a/libavcodec/tiff.c
> > +++ b/libavcodec/tiff.c
> > @@ -706,7 +706,7 @@ static int init_image(TiffContext *s, ThreadFrame 
> > *frame)
> >  s->avctx->pix_fmt = s->palette_is_set ? AV_PIX_FMT_PAL8 : 
> > AV_PIX_FMT_GRAY8;
> >  break;
> >  case 10081:
> > -switch (s->pattern[0] | (s->pattern[1] << 8) | (s->pattern[2] << 
> > 16) | (s->pattern[3] << 24)) {
> > +switch (AV_RL32(s->pattern)) {
> >  case 0x02010100:
> >  s->avctx->pix_fmt = AV_PIX_FMT_BAYER_RGGB8;
> >  break;
> > @@ -721,12 +721,12 @@ static int init_image(TiffContext *s, ThreadFrame 
> > *frame)
> >  break;
> >  default:
> >  av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 
> > 0x%X\n",
> > -   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 
> > 16 | s->pattern[3] << 24);
> > +   AV_RL32(s->pattern));
> >  return AVERROR_PATCHWELCOME;
> >  }
> >  break;
> >  case 10121:
> > -switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
> > s->pattern[3] << 24) {
> > +switch (AV_RL32(s->pattern)) {
> >  case 0x02010100:
> >  s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : 
> > AV_PIX_FMT_BAYER_RGGB16BE;
> >  break;
> > @@ -741,12 +741,12 @@ static int init_image(TiffContext *s, ThreadFrame 
> > *frame)
> >  break;
> >  default:
> >  av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 
> > 0x%X\n",
> > -   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 
> > 16 | s->pattern[3] << 24);
> > +   AV_RL32(s->pattern));
> >  return AVERROR_PATCHWELCOME;
> >  }
> >  break;
> >  case 10161:
> > -switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
> > s->pattern[3] << 24) {
> > +switch (AV_RL32(s->pattern)) {
> >  case 0x02010100:
> >  s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : 
> > AV_PIX_FMT_BAYER_RGGB16BE;
> >  break;
> > @@ -761,7 +761,7 @@ static int init_image(TiffContext *s, ThreadFrame 
> > *frame)
> >  break;
> >  default:
> >  av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 
> > 0x%X\n",
> > -   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 
> > 16 | s->pattern[3] << 24);
> > +   AV_RL32(s->pattern));
> 
> This is much nicer :)

will apply

thanks

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Frequently ignored answer#1 FFmpeg bugs should be sent to our bugtracker. User
questions about the command line tools should be sent to the ffmpeg-user ML.
And questions about how to use libav* should be sent to the libav-user ML.


signature.asc
Description: PGP signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH] avcodec/tiff: Fix integer overflows in left shift in init_image()

2018-11-26 Thread Tomas Härdin

mån 2018-11-26 klockan 02:57 +0100 skrev Michael Niedermayer:
> Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
> Fixes: 
> 11377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5694319101476864
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/tiff.c | 12 ++--
>  1 file changed, 6 insertions(+), 6 deletions(-)
> 
> diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
> index 6271c937c3..751f23ef33 100644
> --- a/libavcodec/tiff.c
> +++ b/libavcodec/tiff.c
> @@ -706,7 +706,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
>  s->avctx->pix_fmt = s->palette_is_set ? AV_PIX_FMT_PAL8 : 
> AV_PIX_FMT_GRAY8;
>  break;
>  case 10081:
> -switch (s->pattern[0] | (s->pattern[1] << 8) | (s->pattern[2] << 16) 
> | (s->pattern[3] << 24)) {
> +switch (AV_RL32(s->pattern)) {
>  case 0x02010100:
>  s->avctx->pix_fmt = AV_PIX_FMT_BAYER_RGGB8;
>  break;
> @@ -721,12 +721,12 @@ static int init_image(TiffContext *s, ThreadFrame 
> *frame)
>  break;
>  default:
>  av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 
> 0x%X\n",
> -   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 
> | s->pattern[3] << 24);
> +   AV_RL32(s->pattern));
>  return AVERROR_PATCHWELCOME;
>  }
>  break;
>  case 10121:
> -switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
> s->pattern[3] << 24) {
> +switch (AV_RL32(s->pattern)) {
>  case 0x02010100:
>  s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : 
> AV_PIX_FMT_BAYER_RGGB16BE;
>  break;
> @@ -741,12 +741,12 @@ static int init_image(TiffContext *s, ThreadFrame 
> *frame)
>  break;
>  default:
>  av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 
> 0x%X\n",
> -   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 
> | s->pattern[3] << 24);
> +   AV_RL32(s->pattern));
>  return AVERROR_PATCHWELCOME;
>  }
>  break;
>  case 10161:
> -switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
> s->pattern[3] << 24) {
> +switch (AV_RL32(s->pattern)) {
>  case 0x02010100:
>  s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : 
> AV_PIX_FMT_BAYER_RGGB16BE;
>  break;
> @@ -761,7 +761,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
>  break;
>  default:
>  av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 
> 0x%X\n",
> -   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 
> | s->pattern[3] << 24);
> +   AV_RL32(s->pattern));

This is much nicer :)

/Tomas
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

[FFmpeg-devel] [PATCH] avcodec/tiff: Fix integer overflows in left shift in init_image()

2018-11-25 Thread Michael Niedermayer

Fixes: left shift of 255 by 24 places cannot be represented in type 'int'
Fixes: 
11377/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_TIFF_fuzzer-5694319101476864

Found-by: continuous fuzzing process 
https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer 
---
 libavcodec/tiff.c | 12 ++--
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/libavcodec/tiff.c b/libavcodec/tiff.c
index 6271c937c3..751f23ef33 100644
--- a/libavcodec/tiff.c
+++ b/libavcodec/tiff.c
@@ -706,7 +706,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
 s->avctx->pix_fmt = s->palette_is_set ? AV_PIX_FMT_PAL8 : 
AV_PIX_FMT_GRAY8;
 break;
 case 10081:
-switch (s->pattern[0] | (s->pattern[1] << 8) | (s->pattern[2] << 16) | 
(s->pattern[3] << 24)) {
+switch (AV_RL32(s->pattern)) {
 case 0x02010100:
 s->avctx->pix_fmt = AV_PIX_FMT_BAYER_RGGB8;
 break;
@@ -721,12 +721,12 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
 break;
 default:
 av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
-   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
s->pattern[3] << 24);
+   AV_RL32(s->pattern));
 return AVERROR_PATCHWELCOME;
 }
 break;
 case 10121:
-switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
s->pattern[3] << 24) {
+switch (AV_RL32(s->pattern)) {
 case 0x02010100:
 s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : 
AV_PIX_FMT_BAYER_RGGB16BE;
 break;
@@ -741,12 +741,12 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
 break;
 default:
 av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
-   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
s->pattern[3] << 24);
+   AV_RL32(s->pattern));
 return AVERROR_PATCHWELCOME;
 }
 break;
 case 10161:
-switch (s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
s->pattern[3] << 24) {
+switch (AV_RL32(s->pattern)) {
 case 0x02010100:
 s->avctx->pix_fmt = s->le ? AV_PIX_FMT_BAYER_RGGB16LE : 
AV_PIX_FMT_BAYER_RGGB16BE;
 break;
@@ -761,7 +761,7 @@ static int init_image(TiffContext *s, ThreadFrame *frame)
 break;
 default:
 av_log(s->avctx, AV_LOG_ERROR, "Unsupported Bayer pattern: 0x%X\n",
-   s->pattern[0] | s->pattern[1] << 8 | s->pattern[2] << 16 | 
s->pattern[3] << 24);
+   AV_RL32(s->pattern));
 return AVERROR_PATCHWELCOME;
 }
 break;
-- 
2.19.1

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH] avcodec/tiff: Fix integer overflows in left shift in init_image()

Re: [FFmpeg-devel] [PATCH] avcodec/tiff: Fix integer overflows in left shift in init_image()

[FFmpeg-devel] [PATCH] avcodec/tiff: Fix integer overflows in left shift in init_image()

3 matches

Site Navigation

Mail list logo

Footer information