Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
> > > > Its just a automatically generated email signature > > for this specific one here, i think terrorism is a major problem the > world faces > Not so much because of terrorists or their victims but because of > what is being done by law makers and governments to counter terrorism. > (just think about it, if you wanted to do a terror attack would any of > the new anti terror laws prevent you from doing it ?) > The terrorists are a negligbible point in human mortality statistics, > you are more likely to become president than being killed in an attack. > the freedoms everyone looses from the laws are a big part of the > damage the terrorists have achieved. Thats besides fear and innocent > lifes. > > IMO terrorism is self limiting, the attacker dies, give him a darwin > award if you must, but not what he wants to achieve. > > You can disagree 100% about everything. In fact i might myself have a > somewhat different oppinion in a few years. But just having people > think about this whole subject logically is a step towards a solution. > > I was not sure anyone reads these silly signatures at all, or cares > about them. > > > So if you don't mind please keep these views to yourself or post them in a suitable place. I guess nobody else cares but I'd rather FFmpeg development stay clear of people's personal political views since pretty much everywhere online you are forced to read people's unsolicited views. Kieran ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Fri, Jul 14, 2017 at 10:55:56AM +, Kieran Kunhya wrote: > On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer> wrote: > > > On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote: > > > > > > > > I actually would request a short note explaining the SUINTFLOAT type > > usage. > > > > Something like: > > > > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT, > > > > Used as temporal cast to avoid undefined sign overflow operations. > > > > > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > > > > > > > Needs to be in main documentation because nobody is going to understand > > > this in 50 years time when mailing lists have bitrotted. > > > > ill post a patch that adds this as a doxygen comment in the patch, > > that way it should be in the doxygen documentation > > > > if you meant it to be put some other place clarify where > > > I mean full documentation of the thought process behind all these changes > in doc/. > Just like James spent weeks trying to fix the undocumented IDCTs from 15 > years ago, someone will probably end up struggling to understand this SUINT > stuff in 20 years time. you are correct. Most code is undocumented, its never good. Ill post a patch that adds some docs for undefined / suint. > > > > -- > > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > > > Modern terrorism, a quick summary: Need oil, start war with country that > > has oil, kill hundread thousand in war. Let country fall into chaos, > > be surprised about raise of fundamantalists. Drop more bombs, kill more > > people, be surprised about them taking revenge and drop even more bombs > > and strip your own citizens of their rights and freedoms. to be continued > > > What relevance do your political views have on this mailing list about > FFmpeg? Its just a automatically generated email signature for this specific one here, i think terrorism is a major problem the world faces Not so much because of terrorists or their victims but because of what is being done by law makers and governments to counter terrorism. (just think about it, if you wanted to do a terror attack would any of the new anti terror laws prevent you from doing it ?) The terrorists are a negligbible point in human mortality statistics, you are more likely to become president than being killed in an attack. the freedoms everyone looses from the laws are a big part of the damage the terrorists have achieved. Thats besides fear and innocent lifes. IMO terrorism is self limiting, the attacker dies, give him a darwin award if you must, but not what he wants to achieve. You can disagree 100% about everything. In fact i might myself have a somewhat different oppinion in a few years. But just having people think about this whole subject logically is a step towards a solution. I was not sure anyone reads these silly signatures at all, or cares about them. [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Everything should be made as simple as possible, but not simpler. -- Albert Einstein signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
Hi, On Fri, Jul 14, 2017 at 6:55 AM, Kieran Kunhyawrote: > On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer > wrote: > > > On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote: > > > > > > > > I actually would request a short note explaining the SUINTFLOAT type > > usage. > > > > Something like: > > > > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT, > > > > Used as temporal cast to avoid undefined sign overflow operations. > > > > > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > > > > > > > Needs to be in main documentation because nobody is going to understand > > > this in 50 years time when mailing lists have bitrotted. > > > > ill post a patch that adds this as a doxygen comment in the patch, > > that way it should be in the doxygen documentation > > > > if you meant it to be put some other place clarify where > > > I mean full documentation of the thought process behind all these changes > in doc/. > Just like James spent weeks trying to fix the undocumented IDCTs from 15 > years ago, someone will probably end up struggling to understand this SUINT > stuff in 20 years time. The IDCTs are still not documented by the way... :-). Part of that is hard because some changes are to reduce round-trip error which requires source+encoder access... Ronald ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Thu, 13 Jul 2017 at 23:06 Michael Niedermayerwrote: > On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote: > > > > > > I actually would request a short note explaining the SUINTFLOAT type > usage. > > > Something like: > > > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT, > > > Used as temporal cast to avoid undefined sign overflow operations. > > > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > > > > Needs to be in main documentation because nobody is going to understand > > this in 50 years time when mailing lists have bitrotted. > > ill post a patch that adds this as a doxygen comment in the patch, > that way it should be in the doxygen documentation > > if you meant it to be put some other place clarify where I mean full documentation of the thought process behind all these changes in doc/. Just like James spent weeks trying to fix the undocumented IDCTs from 15 years ago, someone will probably end up struggling to understand this SUINT stuff in 20 years time. > -- > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB > > Modern terrorism, a quick summary: Need oil, start war with country that > has oil, kill hundread thousand in war. Let country fall into chaos, > be surprised about raise of fundamantalists. Drop more bombs, kill more > people, be surprised about them taking revenge and drop even more bombs > and strip your own citizens of their rights and freedoms. to be continued What relevance do your political views have on this mailing list about FFmpeg? Kieran ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote: > > > > I actually would request a short note explaining the SUINTFLOAT type usage. > > Something like: > > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT, > > Used as temporal cast to avoid undefined sign overflow operations. > > > > Maybe add such note to all "signed value in unsigned type" typedefs. > > > > Needs to be in main documentation because nobody is going to understand > this in 50 years time when mailing lists have bitrotted. ill post a patch that adds this as a doxygen comment in the patch, that way it should be in the doxygen documentation if you meant it to be put some other place clarify where thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Modern terrorism, a quick summary: Need oil, start war with country that has oil, kill hundread thousand in war. Let country fall into chaos, be surprised about raise of fundamantalists. Drop more bombs, kill more people, be surprised about them taking revenge and drop even more bombs and strip your own citizens of their rights and freedoms. to be continued signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
> > I actually would request a short note explaining the SUINTFLOAT type usage. > Something like: > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT, > Used as temporal cast to avoid undefined sign overflow operations. > > Maybe add such note to all "signed value in unsigned type" typedefs. > Needs to be in main documentation because nobody is going to understand this in 50 years time when mailing lists have bitrotted. Kieran ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On 7/11/17, Michael Niedermayerwrote: > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: >> On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: >> > On Sun, 2 Jul 2017 04:28:54 +0200 >> > Michael Niedermayer wrote: >> > >> > > Fixes: runtime error: signed integer overflow: -2147483648 - >> > > 1202286525 cannot be represented in type 'int' >> > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 >> > > >> > > Found-by: continuous fuzzing process >> > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg >> > > Signed-off-by: Michael Niedermayer >> > > --- >> > > libavcodec/aac_defines.h | 2 ++ >> > > libavcodec/aacdec_template.c | 5 +++-- >> > > 2 files changed, 5 insertions(+), 2 deletions(-) >> > > >> > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h >> > > index 3c79a8a4a1..ee4c73a87d 100644 >> > > --- a/libavcodec/aac_defines.h >> > > +++ b/libavcodec/aac_defines.h >> > > @@ -35,6 +35,7 @@ >> > > #define AAC_RENAME(x) x ## _fixed >> > > #define AAC_RENAME_32(x)x ## _fixed_32 >> > > typedef int INTFLOAT; >> > > +typedef unsignedSUINTFLOAT; >> > > typedef int64_t INT64FLOAT; >> > > typedef int16_t SHORTFLOAT; >> > > typedef SoftFloat AAC_FLOAT; >> > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; >> > > #define AAC_RENAME(x) x >> > > #define AAC_RENAME_32(x)x >> > > typedef float INTFLOAT; >> > > +typedef float SUINTFLOAT; >> > >> > Not more of this damn shit. >> >> i dont think i understand your comment >> >> The code is templated and uses largely the INTFLOAT data type >> which is either signed int or float depending on if the code is build >> for the fixed point or floating point decoder >> >> to fix the undefined behavior in the fixed point decoder a type which >> is unsigned int is the obvious choice. >> Such type must be float in the floating point decoder. >> >> This patch adds such type. >> >> do you object to fixing the issue ? >> do you want to suggest a different solution ? > > over a week passed, noone replied. > Is everyone ok with patch 1/3 ? > does someone object to it ? > does anyone have a better solution ? > > If noone replies, i will apply this patch, i do not want to leave > undefined behavior in the codebase. I actually would request a short note explaining the SUINTFLOAT type usage. Something like: +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT, Used as temporal cast to avoid undefined sign overflow operations. Maybe add such note to all "signed value in unsigned type" typedefs. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Wed, 12 Jul 2017 12:16:15 +0200 Michael Niedermayerwrote: > On Wed, Jul 12, 2017 at 09:22:44AM +0200, wm4 wrote: > > On Tue, 11 Jul 2017 22:34:24 +0200 > > Michael Niedermayer wrote: > > > > > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > > > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > > > > On Sun, 2 Jul 2017 04:28:54 +0200 > > > > > Michael Niedermayer wrote: > > > > > > > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - > > > > > > 1202286525 cannot be represented in type 'int' > > > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > > > > > > > Found-by: continuous fuzzing process > > > > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > > > Signed-off-by: Michael Niedermayer > > > > > > --- > > > > > > libavcodec/aac_defines.h | 2 ++ > > > > > > libavcodec/aacdec_template.c | 5 +++-- > > > > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > > > > --- a/libavcodec/aac_defines.h > > > > > > +++ b/libavcodec/aac_defines.h > > > > > > @@ -35,6 +35,7 @@ > > > > > > #define AAC_RENAME(x) x ## _fixed > > > > > > #define AAC_RENAME_32(x)x ## _fixed_32 > > > > > > typedef int INTFLOAT; > > > > > > +typedef unsignedSUINTFLOAT; > > > > > > typedef int64_t INT64FLOAT; > > > > > > typedef int16_t SHORTFLOAT; > > > > > > typedef SoftFloat AAC_FLOAT; > > > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > > > > #define AAC_RENAME(x) x > > > > > > #define AAC_RENAME_32(x)x > > > > > > typedef float INTFLOAT; > > > > > > +typedef float SUINTFLOAT; > > > > > > > > > > Not more of this damn shit. > > > > > > > > i dont think i understand your comment > > > > > > > > The code is templated and uses largely the INTFLOAT data type > > > > which is either signed int or float depending on if the code is build > > > > for the fixed point or floating point decoder > > > > > > > > to fix the undefined behavior in the fixed point decoder a type which > > > > is unsigned int is the obvious choice. > > > > Such type must be float in the floating point decoder. > > > > > > > > This patch adds such type. > > > > > > > > do you object to fixing the issue ? > > > > do you want to suggest a different solution ? > > > > > > over a week passed, noone replied. > > > Is everyone ok with patch 1/3 ? > > > does someone object to it ? > > > does anyone have a better solution ? > > > > > > If noone replies, i will apply this patch, i do not want to leave > > > undefined behavior in the codebase. > > > > Fix the type name? > > Iam happy to change the name, what name would you prefer ? UINTFLOAT obviously. ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Wed, Jul 12, 2017 at 09:22:44AM +0200, wm4 wrote: > On Tue, 11 Jul 2017 22:34:24 +0200 > Michael Niedermayerwrote: > > > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > > > On Sun, 2 Jul 2017 04:28:54 +0200 > > > > Michael Niedermayer wrote: > > > > > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - > > > > > 1202286525 cannot be represented in type 'int' > > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > > > > > Found-by: continuous fuzzing process > > > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > > Signed-off-by: Michael Niedermayer > > > > > --- > > > > > libavcodec/aac_defines.h | 2 ++ > > > > > libavcodec/aacdec_template.c | 5 +++-- > > > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > > > --- a/libavcodec/aac_defines.h > > > > > +++ b/libavcodec/aac_defines.h > > > > > @@ -35,6 +35,7 @@ > > > > > #define AAC_RENAME(x) x ## _fixed > > > > > #define AAC_RENAME_32(x)x ## _fixed_32 > > > > > typedef int INTFLOAT; > > > > > +typedef unsignedSUINTFLOAT; > > > > > typedef int64_t INT64FLOAT; > > > > > typedef int16_t SHORTFLOAT; > > > > > typedef SoftFloat AAC_FLOAT; > > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > > > #define AAC_RENAME(x) x > > > > > #define AAC_RENAME_32(x)x > > > > > typedef float INTFLOAT; > > > > > +typedef float SUINTFLOAT; > > > > > > > > Not more of this damn shit. > > > > > > i dont think i understand your comment > > > > > > The code is templated and uses largely the INTFLOAT data type > > > which is either signed int or float depending on if the code is build > > > for the fixed point or floating point decoder > > > > > > to fix the undefined behavior in the fixed point decoder a type which > > > is unsigned int is the obvious choice. > > > Such type must be float in the floating point decoder. > > > > > > This patch adds such type. > > > > > > do you object to fixing the issue ? > > > do you want to suggest a different solution ? > > > > over a week passed, noone replied. > > Is everyone ok with patch 1/3 ? > > does someone object to it ? > > does anyone have a better solution ? > > > > If noone replies, i will apply this patch, i do not want to leave > > undefined behavior in the codebase. > > Fix the type name? Iam happy to change the name, what name would you prefer ? [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Elect your leaders based on what they did after the last election, not based on what they say before an election. signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Tue, 11 Jul 2017 22:34:24 +0200 Michael Niedermayerwrote: > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > > On Sun, 2 Jul 2017 04:28:54 +0200 > > > Michael Niedermayer wrote: > > > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 > > > > cannot be represented in type 'int' > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > > > Found-by: continuous fuzzing process > > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > > Signed-off-by: Michael Niedermayer > > > > --- > > > > libavcodec/aac_defines.h | 2 ++ > > > > libavcodec/aacdec_template.c | 5 +++-- > > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > > --- a/libavcodec/aac_defines.h > > > > +++ b/libavcodec/aac_defines.h > > > > @@ -35,6 +35,7 @@ > > > > #define AAC_RENAME(x) x ## _fixed > > > > #define AAC_RENAME_32(x)x ## _fixed_32 > > > > typedef int INTFLOAT; > > > > +typedef unsignedSUINTFLOAT; > > > > typedef int64_t INT64FLOAT; > > > > typedef int16_t SHORTFLOAT; > > > > typedef SoftFloat AAC_FLOAT; > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > > #define AAC_RENAME(x) x > > > > #define AAC_RENAME_32(x)x > > > > typedef float INTFLOAT; > > > > +typedef float SUINTFLOAT; > > > > > > Not more of this damn shit. > > > > i dont think i understand your comment > > > > The code is templated and uses largely the INTFLOAT data type > > which is either signed int or float depending on if the code is build > > for the fixed point or floating point decoder > > > > to fix the undefined behavior in the fixed point decoder a type which > > is unsigned int is the obvious choice. > > Such type must be float in the floating point decoder. > > > > This patch adds such type. > > > > do you object to fixing the issue ? > > do you want to suggest a different solution ? > > over a week passed, noone replied. > Is everyone ok with patch 1/3 ? > does someone object to it ? > does anyone have a better solution ? > > If noone replies, i will apply this patch, i do not want to leave > undefined behavior in the codebase. Fix the type name? ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote: > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > > On Sun, 2 Jul 2017 04:28:54 +0200 > > Michael Niedermayerwrote: > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 > > > cannot be represented in type 'int' > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > > > Found-by: continuous fuzzing process > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > > Signed-off-by: Michael Niedermayer > > > --- > > > libavcodec/aac_defines.h | 2 ++ > > > libavcodec/aacdec_template.c | 5 +++-- > > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > > index 3c79a8a4a1..ee4c73a87d 100644 > > > --- a/libavcodec/aac_defines.h > > > +++ b/libavcodec/aac_defines.h > > > @@ -35,6 +35,7 @@ > > > #define AAC_RENAME(x) x ## _fixed > > > #define AAC_RENAME_32(x)x ## _fixed_32 > > > typedef int INTFLOAT; > > > +typedef unsignedSUINTFLOAT; > > > typedef int64_t INT64FLOAT; > > > typedef int16_t SHORTFLOAT; > > > typedef SoftFloat AAC_FLOAT; > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > > #define AAC_RENAME(x) x > > > #define AAC_RENAME_32(x)x > > > typedef float INTFLOAT; > > > +typedef float SUINTFLOAT; > > > > Not more of this damn shit. > > i dont think i understand your comment > > The code is templated and uses largely the INTFLOAT data type > which is either signed int or float depending on if the code is build > for the fixed point or floating point decoder > > to fix the undefined behavior in the fixed point decoder a type which > is unsigned int is the obvious choice. > Such type must be float in the floating point decoder. > > This patch adds such type. > > do you object to fixing the issue ? > do you want to suggest a different solution ? over a week passed, noone replied. Is everyone ok with patch 1/3 ? does someone object to it ? does anyone have a better solution ? If noone replies, i will apply this patch, i do not want to leave undefined behavior in the codebase. Thanks -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB It is dangerous to be right in matters on which the established authorities are wrong. -- Voltaire signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote: > On Sun, 2 Jul 2017 04:28:54 +0200 > Michael Niedermayerwrote: > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 > > cannot be represented in type 'int' > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > > > Found-by: continuous fuzzing process > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > > Signed-off-by: Michael Niedermayer > > --- > > libavcodec/aac_defines.h | 2 ++ > > libavcodec/aacdec_template.c | 5 +++-- > > 2 files changed, 5 insertions(+), 2 deletions(-) > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > > index 3c79a8a4a1..ee4c73a87d 100644 > > --- a/libavcodec/aac_defines.h > > +++ b/libavcodec/aac_defines.h > > @@ -35,6 +35,7 @@ > > #define AAC_RENAME(x) x ## _fixed > > #define AAC_RENAME_32(x)x ## _fixed_32 > > typedef int INTFLOAT; > > +typedef unsignedSUINTFLOAT; > > typedef int64_t INT64FLOAT; > > typedef int16_t SHORTFLOAT; > > typedef SoftFloat AAC_FLOAT; > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > > #define AAC_RENAME(x) x > > #define AAC_RENAME_32(x)x > > typedef float INTFLOAT; > > +typedef float SUINTFLOAT; > > Not more of this damn shit. i dont think i understand your comment The code is templated and uses largely the INTFLOAT data type which is either signed int or float depending on if the code is build for the fixed point or floating point decoder to fix the undefined behavior in the fixed point decoder a type which is unsigned int is the obvious choice. Such type must be float in the floating point decoder. This patch adds such type. do you object to fixing the issue ? do you want to suggest a different solution ? [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws. -- Plato signature.asc Description: Digital signature ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()
On Sun, 2 Jul 2017 04:28:54 +0200 Michael Niedermayerwrote: > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 > cannot be represented in type 'int' > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304 > > Found-by: continuous fuzzing process > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg > Signed-off-by: Michael Niedermayer > --- > libavcodec/aac_defines.h | 2 ++ > libavcodec/aacdec_template.c | 5 +++-- > 2 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h > index 3c79a8a4a1..ee4c73a87d 100644 > --- a/libavcodec/aac_defines.h > +++ b/libavcodec/aac_defines.h > @@ -35,6 +35,7 @@ > #define AAC_RENAME(x) x ## _fixed > #define AAC_RENAME_32(x)x ## _fixed_32 > typedef int INTFLOAT; > +typedef unsignedSUINTFLOAT; > typedef int64_t INT64FLOAT; > typedef int16_t SHORTFLOAT; > typedef SoftFloat AAC_FLOAT; > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE; > #define AAC_RENAME(x) x > #define AAC_RENAME_32(x)x > typedef float INTFLOAT; > +typedef float SUINTFLOAT; Not more of this damn shit. > typedef float INT64FLOAT; > typedef float SHORTFLOAT; > typedef float AAC_FLOAT; > diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c > index 4b98142536..add333e862 100644 > --- a/libavcodec/aacdec_template.c > +++ b/libavcodec/aacdec_template.c > @@ -2389,7 +2389,7 @@ static int decode_extension_payload(AACContext *ac, > GetBitContext *gb, int cnt, > * @param decode 1 if tool is used normally, 0 if tool is used in LTP. > * @param coefspectral coefficients > */ > -static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns, > +static void apply_tns(INTFLOAT coef_param[1024], TemporalNoiseShaping *tns, >IndividualChannelStream *ics, int decode) > { > const int mmm = FFMIN(ics->tns_max_bands, ics->max_sfb); > @@ -2397,6 +2397,7 @@ static void apply_tns(INTFLOAT coef[1024], > TemporalNoiseShaping *tns, > int bottom, top, order, start, end, size, inc; > INTFLOAT lpc[TNS_MAX_ORDER]; > INTFLOAT tmp[TNS_MAX_ORDER+1]; > +SUINTFLOAT *coef = coef_param; > > for (w = 0; w < ics->num_windows; w++) { > bottom = ics->num_swb; > @@ -2426,7 +2427,7 @@ static void apply_tns(INTFLOAT coef[1024], > TemporalNoiseShaping *tns, > // ar filter > for (m = 0; m < size; m++, start += inc) > for (i = 1; i <= FFMIN(m, order); i++) > -coef[start] -= AAC_MUL26(coef[start - i * inc], > lpc[i - 1]); > +coef[start] -= AAC_MUL26((INTFLOAT)coef[start - i * > inc], lpc[i - 1]); > } else { > // ma filter > for (m = 0; m < size; m++, start += inc) { ___ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel