Re: [FFmpeg-devel] [PATCH] huffyuvdec: validate image size
On Sun, Jun 28, 2015 at 11:23:12AM +0200, Andreas Cadhalpun wrote: On 27.06.2015 22:40, Michael Niedermayer wrote: On Sat, Jun 27, 2015 at 07:42:48PM +0200, Andreas Cadhalpun wrote: Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com --- libavcodec/huffyuvdec.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c index 98c6128..71fb9e3 100644 --- a/libavcodec/huffyuvdec.c +++ b/libavcodec/huffyuvdec.c @@ -291,6 +291,12 @@ static av_cold int decode_init(AVCodecContext *avctx) HYuvContext *s = avctx-priv_data; int ret; +if (avctx-width = 0 || avctx-height = 0) { LGTM alternatively av_image_check_size() could be used but this should be equally fine On 27.06.2015 22:40, Luca Barbato wrote: There is a function to validate the dimensions. That isn't enough, I think I sent a patch recently that does that for another codec. OK, new patch using av_image_check_size attached. Best regards, Andreas huffyuvdec.c |5 + 1 file changed, 5 insertions(+) bc13fbe9569565b84fde3c4757c64f3f391a4f9b 0001-huffyuvdec-validate-image-size.patch From b840a905bebfb6549c1de689911dd740746627fa Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun andreas.cadhal...@googlemail.com Date: Sun, 28 Jun 2015 11:21:54 +0200 Subject: [PATCH] huffyuvdec: validate image size Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com LGTM thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Avoid a single point of failure, be that a person or equipment. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] huffyuvdec: validate image size
On 28.06.2015 14:17, Michael Niedermayer wrote: On Sun, Jun 28, 2015 at 11:23:12AM +0200, Andreas Cadhalpun wrote: huffyuvdec.c |5 + 1 file changed, 5 insertions(+) bc13fbe9569565b84fde3c4757c64f3f391a4f9b 0001-huffyuvdec-validate-image-size.patch From b840a905bebfb6549c1de689911dd740746627fa Mon Sep 17 00:00:00 2001 From: Andreas Cadhalpun andreas.cadhal...@googlemail.com Date: Sun, 28 Jun 2015 11:21:54 +0200 Subject: [PATCH] huffyuvdec: validate image size Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com LGTM thx Pushed. Best regards, Andreas ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] huffyuvdec: validate image size
Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com --- libavcodec/huffyuvdec.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c index 98c6128..71fb9e3 100644 --- a/libavcodec/huffyuvdec.c +++ b/libavcodec/huffyuvdec.c @@ -291,6 +291,12 @@ static av_cold int decode_init(AVCodecContext *avctx) HYuvContext *s = avctx-priv_data; int ret; +if (avctx-width = 0 || avctx-height = 0) { +av_log(avctx, AV_LOG_ERROR, invalid image size %dx%d\n, + avctx-width, avctx-height); +return AVERROR_INVALIDDATA; +} + ff_huffyuvdsp_init(s-hdsp); memset(s-vlc, 0, 4 * sizeof(VLC)); -- 2.1.4 ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH] huffyuvdec: validate image size
On Sat, Jun 27, 2015 at 07:42:48PM +0200, Andreas Cadhalpun wrote: Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com --- libavcodec/huffyuvdec.c | 6 ++ 1 file changed, 6 insertions(+) diff --git a/libavcodec/huffyuvdec.c b/libavcodec/huffyuvdec.c index 98c6128..71fb9e3 100644 --- a/libavcodec/huffyuvdec.c +++ b/libavcodec/huffyuvdec.c @@ -291,6 +291,12 @@ static av_cold int decode_init(AVCodecContext *avctx) HYuvContext *s = avctx-priv_data; int ret; +if (avctx-width = 0 || avctx-height = 0) { LGTM alternatively av_image_check_size() could be used but this should be equally fine [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB What does censorship reveal? It reveals fear. -- Julian Assange signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel