subject:"Re\: \[FFmpeg\-devel\] \[PATCH 1\/3\] avcodec\/aacdec_template\: Fix undefined integer overflow in apply

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-15 Thread Kieran Kunhya

>
> 
>
> Its just a automatically generated email signature
>
> for this specific one here, i think terrorism is a major problem the
> world faces
> Not so much because of terrorists or their victims but because of
> what is being done by law makers and governments to counter terrorism.
> (just think about it, if you wanted to do a terror attack would any of
>  the new anti terror laws prevent you from doing it ?)
> The terrorists are a negligbible point in human mortality statistics,
> you are more likely to become president than being killed in an attack.
> the freedoms everyone looses from the laws are a big part of the
> damage the terrorists have achieved. Thats besides fear and innocent
> lifes.
>
> IMO terrorism is self limiting, the attacker dies, give him a darwin
> award if you must, but not what he wants to achieve.
>
> You can disagree 100% about everything. In fact i might myself have a
> somewhat different oppinion in a few years. But just having people
> think about this whole subject logically is a step towards a solution.
>
> I was not sure anyone reads these silly signatures at all, or cares
> about them.
>
> 
>

So if you don't mind please keep these views to yourself or post them in a
suitable place. I guess nobody else cares but I'd rather FFmpeg development
stay clear of people's personal political views since pretty much
everywhere online you are forced to read people's unsolicited views.

Kieran
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-15 Thread Michael Niedermayer

On Fri, Jul 14, 2017 at 10:55:56AM +, Kieran Kunhya wrote:
> On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer 
> wrote:
> 
> > On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote:
> > > >
> > > > I actually would request a short note explaining the SUINTFLOAT type
> > usage.
> > > > Something like:
> > > > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT,
> > > > Used as temporal cast to avoid undefined sign overflow operations.
> > > >
> > > > Maybe add such note to all "signed value in unsigned type" typedefs.
> > > >
> > >
> > > Needs to be in main documentation because nobody is going to understand
> > > this in 50 years time when mailing lists have bitrotted.
> >
> > ill post a patch that adds this as a doxygen comment in the patch,
> > that way it should be in the doxygen documentation
> >
> > if you meant it to be put some other place clarify where
> 
> 
> I mean full documentation of the thought process behind all these changes
> in doc/.
> Just like James spent weeks trying to fix the undocumented IDCTs from 15
> years ago, someone will probably end up struggling to understand this SUINT
> stuff in 20 years time.

you are correct. Most code is undocumented, its never good.

Ill post a patch that adds some docs for undefined / suint.

> 
> 
> > --
> > Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
> >
> > Modern terrorism, a quick summary: Need oil, start war with country that
> > has oil, kill hundread thousand in war. Let country fall into chaos,
> > be surprised about raise of fundamantalists. Drop more bombs, kill more
> > people, be surprised about them taking revenge and drop even more bombs
> > and strip your own citizens of their rights and freedoms. to be continued
> 
> 
> What relevance do your political views have on this mailing list about
> FFmpeg?

Its just a automatically generated email signature

for this specific one here, i think terrorism is a major problem the
world faces
Not so much because of terrorists or their victims but because of
what is being done by law makers and governments to counter terrorism.
(just think about it, if you wanted to do a terror attack would any of
 the new anti terror laws prevent you from doing it ?)
The terrorists are a negligbible point in human mortality statistics,
you are more likely to become president than being killed in an attack.
the freedoms everyone looses from the laws are a big part of the
damage the terrorists have achieved. Thats besides fear and innocent
lifes.

IMO terrorism is self limiting, the attacker dies, give him a darwin
award if you must, but not what he wants to achieve.

You can disagree 100% about everything. In fact i might myself have a
somewhat different oppinion in a few years. But just having people
think about this whole subject logically is a step towards a solution.

I was not sure anyone reads these silly signatures at all, or cares
about them.

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Everything should be made as simple as possible, but not simpler.
-- Albert Einstein

signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-14 Thread Ronald S. Bultje

Hi,

On Fri, Jul 14, 2017 at 6:55 AM, Kieran Kunhya  wrote:

> On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer 
> wrote:
>
> > On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote:
> > > >
> > > > I actually would request a short note explaining the SUINTFLOAT type
> > usage.
> > > > Something like:
> > > > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT,
> > > > Used as temporal cast to avoid undefined sign overflow operations.
> > > >
> > > > Maybe add such note to all "signed value in unsigned type" typedefs.
> > > >
> > >
> > > Needs to be in main documentation because nobody is going to understand
> > > this in 50 years time when mailing lists have bitrotted.
> >
> > ill post a patch that adds this as a doxygen comment in the patch,
> > that way it should be in the doxygen documentation
> >
> > if you meant it to be put some other place clarify where
>
>
> I mean full documentation of the thought process behind all these changes
> in doc/.
> Just like James spent weeks trying to fix the undocumented IDCTs from 15
> years ago, someone will probably end up struggling to understand this SUINT
> stuff in 20 years time.


The IDCTs are still not documented by the way... :-). Part of that is hard
because some changes are to reduce round-trip error which requires
source+encoder access...

Ronald
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-14 Thread Kieran Kunhya

On Thu, 13 Jul 2017 at 23:06 Michael Niedermayer 
wrote:

> On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote:
> > >
> > > I actually would request a short note explaining the SUINTFLOAT type
> usage.
> > > Something like:
> > > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT,
> > > Used as temporal cast to avoid undefined sign overflow operations.
> > >
> > > Maybe add such note to all "signed value in unsigned type" typedefs.
> > >
> >
> > Needs to be in main documentation because nobody is going to understand
> > this in 50 years time when mailing lists have bitrotted.
>
> ill post a patch that adds this as a doxygen comment in the patch,
> that way it should be in the doxygen documentation
>
> if you meant it to be put some other place clarify where


I mean full documentation of the thought process behind all these changes
in doc/.
Just like James spent weeks trying to fix the undocumented IDCTs from 15
years ago, someone will probably end up struggling to understand this SUINT
stuff in 20 years time.


> --
> Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
>
> Modern terrorism, a quick summary: Need oil, start war with country that
> has oil, kill hundread thousand in war. Let country fall into chaos,
> be surprised about raise of fundamantalists. Drop more bombs, kill more
> people, be surprised about them taking revenge and drop even more bombs
> and strip your own citizens of their rights and freedoms. to be continued


What relevance do your political views have on this mailing list about
FFmpeg?

Kieran
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-13 Thread Michael Niedermayer

On Wed, Jul 12, 2017 at 01:54:28PM +, Kieran Kunhya wrote:
> >
> > I actually would request a short note explaining the SUINTFLOAT type usage.
> > Something like:
> > +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT,
> > Used as temporal cast to avoid undefined sign overflow operations.
> >
> > Maybe add such note to all "signed value in unsigned type" typedefs.
> >
> 
> Needs to be in main documentation because nobody is going to understand
> this in 50 years time when mailing lists have bitrotted.

ill post a patch that adds this as a doxygen comment in the patch,
that way it should be in the doxygen documentation

if you meant it to be put some other place clarify where

thx

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundread thousand in war. Let country fall into chaos,
be surprised about raise of fundamantalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-12 Thread Kieran Kunhya

>
> I actually would request a short note explaining the SUINTFLOAT type usage.
> Something like:
> +typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT,
> Used as temporal cast to avoid undefined sign overflow operations.
>
> Maybe add such note to all "signed value in unsigned type" typedefs.
>

Needs to be in main documentation because nobody is going to understand
this in 50 years time when mailing lists have bitrotted.

Kieran
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-12 Thread Ivan Kalvachev

On 7/11/17, Michael Niedermayer  wrote:
> On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote:
>> On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote:
>> > On Sun,  2 Jul 2017 04:28:54 +0200
>> > Michael Niedermayer  wrote:
>> >
>> > > Fixes: runtime error: signed integer overflow: -2147483648 -
>> > > 1202286525 cannot be represented in type 'int'
>> > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
>> > >
>> > > Found-by: continuous fuzzing process
>> > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
>> > > Signed-off-by: Michael Niedermayer 
>> > > ---
>> > >  libavcodec/aac_defines.h | 2 ++
>> > >  libavcodec/aacdec_template.c | 5 +++--
>> > >  2 files changed, 5 insertions(+), 2 deletions(-)
>> > >
>> > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h
>> > > index 3c79a8a4a1..ee4c73a87d 100644
>> > > --- a/libavcodec/aac_defines.h
>> > > +++ b/libavcodec/aac_defines.h
>> > > @@ -35,6 +35,7 @@
>> > >  #define AAC_RENAME(x)   x ## _fixed
>> > >  #define AAC_RENAME_32(x)x ## _fixed_32
>> > >  typedef int INTFLOAT;
>> > > +typedef unsignedSUINTFLOAT;
>> > >  typedef int64_t INT64FLOAT;
>> > >  typedef int16_t SHORTFLOAT;
>> > >  typedef SoftFloat   AAC_FLOAT;
>> > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE;
>> > >  #define AAC_RENAME(x)   x
>> > >  #define AAC_RENAME_32(x)x
>> > >  typedef float   INTFLOAT;
>> > > +typedef float   SUINTFLOAT;
>> >
>> > Not more of this damn shit.
>>
>> i dont think i understand your comment
>>
>> The code is templated and uses largely the INTFLOAT data type
>> which is either signed int or float depending on if the code is build
>> for the fixed point or floating point decoder
>>
>> to fix the undefined behavior in the fixed point decoder a type which
>> is unsigned int is the obvious choice.
>> Such type must be float in the floating point decoder.
>>
>> This patch adds such type.
>>
>> do you object to fixing the issue ?
>> do you want to suggest a different solution ?
>
> over a week passed, noone replied.
> Is everyone ok with patch 1/3 ?
> does someone object to it ?
> does anyone have a better solution ?
>
> If noone replies, i will apply this patch, i do not want to leave
> undefined behavior in the codebase.

I actually would request a short note explaining the SUINTFLOAT type usage.
Something like:
+typedef unsignedSUINTFLOAT; // Equivalent to INTFLOAT,
Used as temporal cast to avoid undefined sign overflow operations.

Maybe add such note to all "signed value in unsigned type" typedefs.
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-12 Thread wm4

On Wed, 12 Jul 2017 12:16:15 +0200
Michael Niedermayer  wrote:

> On Wed, Jul 12, 2017 at 09:22:44AM +0200, wm4 wrote:
> > On Tue, 11 Jul 2017 22:34:24 +0200
> > Michael Niedermayer  wrote:
> >   
> > > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote:  
> > > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote:
> > > > > On Sun,  2 Jul 2017 04:28:54 +0200
> > > > > Michael Niedermayer  wrote:
> > > > > 
> > > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 
> > > > > > 1202286525 cannot be represented in type 'int'
> > > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
> > > > > > 
> > > > > > Found-by: continuous fuzzing process 
> > > > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > > > Signed-off-by: Michael Niedermayer 
> > > > > > ---
> > > > > >  libavcodec/aac_defines.h | 2 ++
> > > > > >  libavcodec/aacdec_template.c | 5 +++--
> > > > > >  2 files changed, 5 insertions(+), 2 deletions(-)
> > > > > > 
> > > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h
> > > > > > index 3c79a8a4a1..ee4c73a87d 100644
> > > > > > --- a/libavcodec/aac_defines.h
> > > > > > +++ b/libavcodec/aac_defines.h
> > > > > > @@ -35,6 +35,7 @@
> > > > > >  #define AAC_RENAME(x)   x ## _fixed
> > > > > >  #define AAC_RENAME_32(x)x ## _fixed_32
> > > > > >  typedef int INTFLOAT;
> > > > > > +typedef unsignedSUINTFLOAT;
> > > > > >  typedef int64_t INT64FLOAT;
> > > > > >  typedef int16_t SHORTFLOAT;
> > > > > >  typedef SoftFloat   AAC_FLOAT;
> > > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE;
> > > > > >  #define AAC_RENAME(x)   x
> > > > > >  #define AAC_RENAME_32(x)x
> > > > > >  typedef float   INTFLOAT;
> > > > > > +typedef float   SUINTFLOAT;
> > > > > 
> > > > > Not more of this damn shit.
> > > > 
> > > > i dont think i understand your comment
> > > > 
> > > > The code is templated and uses largely the INTFLOAT data type
> > > > which is either signed int or float depending on if the code is build
> > > > for the fixed point or floating point decoder
> > > > 
> > > > to fix the undefined behavior in the fixed point decoder a type which
> > > > is unsigned int is the obvious choice.
> > > > Such type must be float in the floating point decoder.
> > > > 
> > > > This patch adds such type.
> > > > 
> > > > do you object to fixing the issue ?
> > > > do you want to suggest a different solution ?
> > > 
> > > over a week passed, noone replied.
> > > Is everyone ok with patch 1/3 ?
> > > does someone object to it ?
> > > does anyone have a better solution ?
> > > 
> > > If noone replies, i will apply this patch, i do not want to leave
> > > undefined behavior in the codebase.  
> > 
> > Fix the type name?  
> 
> Iam happy to change the name, what name would you prefer ?

UINTFLOAT obviously.

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-12 Thread Michael Niedermayer

On Wed, Jul 12, 2017 at 09:22:44AM +0200, wm4 wrote:
> On Tue, 11 Jul 2017 22:34:24 +0200
> Michael Niedermayer  wrote:
> 
> > On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote:
> > > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote:  
> > > > On Sun,  2 Jul 2017 04:28:54 +0200
> > > > Michael Niedermayer  wrote:
> > > >   
> > > > > Fixes: runtime error: signed integer overflow: -2147483648 - 
> > > > > 1202286525 cannot be represented in type 'int'
> > > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
> > > > > 
> > > > > Found-by: continuous fuzzing process 
> > > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > > Signed-off-by: Michael Niedermayer 
> > > > > ---
> > > > >  libavcodec/aac_defines.h | 2 ++
> > > > >  libavcodec/aacdec_template.c | 5 +++--
> > > > >  2 files changed, 5 insertions(+), 2 deletions(-)
> > > > > 
> > > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h
> > > > > index 3c79a8a4a1..ee4c73a87d 100644
> > > > > --- a/libavcodec/aac_defines.h
> > > > > +++ b/libavcodec/aac_defines.h
> > > > > @@ -35,6 +35,7 @@
> > > > >  #define AAC_RENAME(x)   x ## _fixed
> > > > >  #define AAC_RENAME_32(x)x ## _fixed_32
> > > > >  typedef int INTFLOAT;
> > > > > +typedef unsignedSUINTFLOAT;
> > > > >  typedef int64_t INT64FLOAT;
> > > > >  typedef int16_t SHORTFLOAT;
> > > > >  typedef SoftFloat   AAC_FLOAT;
> > > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE;
> > > > >  #define AAC_RENAME(x)   x
> > > > >  #define AAC_RENAME_32(x)x
> > > > >  typedef float   INTFLOAT;
> > > > > +typedef float   SUINTFLOAT;  
> > > > 
> > > > Not more of this damn shit.  
> > > 
> > > i dont think i understand your comment
> > > 
> > > The code is templated and uses largely the INTFLOAT data type
> > > which is either signed int or float depending on if the code is build
> > > for the fixed point or floating point decoder
> > > 
> > > to fix the undefined behavior in the fixed point decoder a type which
> > > is unsigned int is the obvious choice.
> > > Such type must be float in the floating point decoder.
> > > 
> > > This patch adds such type.
> > > 
> > > do you object to fixing the issue ?
> > > do you want to suggest a different solution ?  
> > 
> > over a week passed, noone replied.
> > Is everyone ok with patch 1/3 ?
> > does someone object to it ?
> > does anyone have a better solution ?
> > 
> > If noone replies, i will apply this patch, i do not want to leave
> > undefined behavior in the codebase.
> 
> Fix the type name?

Iam happy to change the name, what name would you prefer ?

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Elect your leaders based on what they did after the last election, not
based on what they say before an election.



signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-12 Thread wm4

On Tue, 11 Jul 2017 22:34:24 +0200
Michael Niedermayer  wrote:

> On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote:
> > On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote:  
> > > On Sun,  2 Jul 2017 04:28:54 +0200
> > > Michael Niedermayer  wrote:
> > >   
> > > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 
> > > > cannot be represented in type 'int'
> > > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
> > > > 
> > > > Found-by: continuous fuzzing process 
> > > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > > Signed-off-by: Michael Niedermayer 
> > > > ---
> > > >  libavcodec/aac_defines.h | 2 ++
> > > >  libavcodec/aacdec_template.c | 5 +++--
> > > >  2 files changed, 5 insertions(+), 2 deletions(-)
> > > > 
> > > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h
> > > > index 3c79a8a4a1..ee4c73a87d 100644
> > > > --- a/libavcodec/aac_defines.h
> > > > +++ b/libavcodec/aac_defines.h
> > > > @@ -35,6 +35,7 @@
> > > >  #define AAC_RENAME(x)   x ## _fixed
> > > >  #define AAC_RENAME_32(x)x ## _fixed_32
> > > >  typedef int INTFLOAT;
> > > > +typedef unsignedSUINTFLOAT;
> > > >  typedef int64_t INT64FLOAT;
> > > >  typedef int16_t SHORTFLOAT;
> > > >  typedef SoftFloat   AAC_FLOAT;
> > > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE;
> > > >  #define AAC_RENAME(x)   x
> > > >  #define AAC_RENAME_32(x)x
> > > >  typedef float   INTFLOAT;
> > > > +typedef float   SUINTFLOAT;  
> > > 
> > > Not more of this damn shit.  
> > 
> > i dont think i understand your comment
> > 
> > The code is templated and uses largely the INTFLOAT data type
> > which is either signed int or float depending on if the code is build
> > for the fixed point or floating point decoder
> > 
> > to fix the undefined behavior in the fixed point decoder a type which
> > is unsigned int is the obvious choice.
> > Such type must be float in the floating point decoder.
> > 
> > This patch adds such type.
> > 
> > do you object to fixing the issue ?
> > do you want to suggest a different solution ?  
> 
> over a week passed, noone replied.
> Is everyone ok with patch 1/3 ?
> does someone object to it ?
> does anyone have a better solution ?
> 
> If noone replies, i will apply this patch, i do not want to leave
> undefined behavior in the codebase.

Fix the type name?
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-11 Thread Michael Niedermayer

On Sun, Jul 02, 2017 at 01:33:16PM +0200, Michael Niedermayer wrote:
> On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote:
> > On Sun,  2 Jul 2017 04:28:54 +0200
> > Michael Niedermayer  wrote:
> > 
> > > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 
> > > cannot be represented in type 'int'
> > > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
> > > 
> > > Found-by: continuous fuzzing process 
> > > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > > Signed-off-by: Michael Niedermayer 
> > > ---
> > >  libavcodec/aac_defines.h | 2 ++
> > >  libavcodec/aacdec_template.c | 5 +++--
> > >  2 files changed, 5 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h
> > > index 3c79a8a4a1..ee4c73a87d 100644
> > > --- a/libavcodec/aac_defines.h
> > > +++ b/libavcodec/aac_defines.h
> > > @@ -35,6 +35,7 @@
> > >  #define AAC_RENAME(x)   x ## _fixed
> > >  #define AAC_RENAME_32(x)x ## _fixed_32
> > >  typedef int INTFLOAT;
> > > +typedef unsignedSUINTFLOAT;
> > >  typedef int64_t INT64FLOAT;
> > >  typedef int16_t SHORTFLOAT;
> > >  typedef SoftFloat   AAC_FLOAT;
> > > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE;
> > >  #define AAC_RENAME(x)   x
> > >  #define AAC_RENAME_32(x)x
> > >  typedef float   INTFLOAT;
> > > +typedef float   SUINTFLOAT;
> > 
> > Not more of this damn shit.
> 
> i dont think i understand your comment
> 
> The code is templated and uses largely the INTFLOAT data type
> which is either signed int or float depending on if the code is build
> for the fixed point or floating point decoder
> 
> to fix the undefined behavior in the fixed point decoder a type which
> is unsigned int is the obvious choice.
> Such type must be float in the floating point decoder.
> 
> This patch adds such type.
> 
> do you object to fixing the issue ?
> do you want to suggest a different solution ?

over a week passed, noone replied.
Is everyone ok with patch 1/3 ?
does someone object to it ?
does anyone have a better solution ?

If noone replies, i will apply this patch, i do not want to leave
undefined behavior in the codebase.

Thanks

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-02 Thread Michael Niedermayer

On Sun, Jul 02, 2017 at 01:14:31PM +0200, wm4 wrote:
> On Sun,  2 Jul 2017 04:28:54 +0200
> Michael Niedermayer  wrote:
> 
> > Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 
> > cannot be represented in type 'int'
> > Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
> > 
> > Found-by: continuous fuzzing process 
> > https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> > Signed-off-by: Michael Niedermayer 
> > ---
> >  libavcodec/aac_defines.h | 2 ++
> >  libavcodec/aacdec_template.c | 5 +++--
> >  2 files changed, 5 insertions(+), 2 deletions(-)
> > 
> > diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h
> > index 3c79a8a4a1..ee4c73a87d 100644
> > --- a/libavcodec/aac_defines.h
> > +++ b/libavcodec/aac_defines.h
> > @@ -35,6 +35,7 @@
> >  #define AAC_RENAME(x)   x ## _fixed
> >  #define AAC_RENAME_32(x)x ## _fixed_32
> >  typedef int INTFLOAT;
> > +typedef unsignedSUINTFLOAT;
> >  typedef int64_t INT64FLOAT;
> >  typedef int16_t SHORTFLOAT;
> >  typedef SoftFloat   AAC_FLOAT;
> > @@ -83,6 +84,7 @@ typedef int AAC_SIGNE;
> >  #define AAC_RENAME(x)   x
> >  #define AAC_RENAME_32(x)x
> >  typedef float   INTFLOAT;
> > +typedef float   SUINTFLOAT;
> 
> Not more of this damn shit.

i dont think i understand your comment

The code is templated and uses largely the INTFLOAT data type
which is either signed int or float depending on if the code is build
for the fixed point or floating point decoder

to fix the undefined behavior in the fixed point decoder a type which
is unsigned int is the obvious choice.
Such type must be float in the floating point decoder.

This patch adds such type.

do you object to fixing the issue ?
do you want to suggest a different solution ?

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Good people do not need laws to tell them to act responsibly, while bad
people will find a way around the laws. -- Plato


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

2017-07-02 Thread wm4

On Sun,  2 Jul 2017 04:28:54 +0200
Michael Niedermayer  wrote:

> Fixes: runtime error: signed integer overflow: -2147483648 - 1202286525 
> cannot be represented in type 'int'
> Fixes: 2071/clusterfuzz-testcase-minimized-6036414271586304
> 
> Found-by: continuous fuzzing process 
> https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
> Signed-off-by: Michael Niedermayer 
> ---
>  libavcodec/aac_defines.h | 2 ++
>  libavcodec/aacdec_template.c | 5 +++--
>  2 files changed, 5 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/aac_defines.h b/libavcodec/aac_defines.h
> index 3c79a8a4a1..ee4c73a87d 100644
> --- a/libavcodec/aac_defines.h
> +++ b/libavcodec/aac_defines.h
> @@ -35,6 +35,7 @@
>  #define AAC_RENAME(x)   x ## _fixed
>  #define AAC_RENAME_32(x)x ## _fixed_32
>  typedef int INTFLOAT;
> +typedef unsignedSUINTFLOAT;
>  typedef int64_t INT64FLOAT;
>  typedef int16_t SHORTFLOAT;
>  typedef SoftFloat   AAC_FLOAT;
> @@ -83,6 +84,7 @@ typedef int AAC_SIGNE;
>  #define AAC_RENAME(x)   x
>  #define AAC_RENAME_32(x)x
>  typedef float   INTFLOAT;
> +typedef float   SUINTFLOAT;

Not more of this damn shit.

>  typedef float   INT64FLOAT;
>  typedef float   SHORTFLOAT;
>  typedef float   AAC_FLOAT;
> diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c
> index 4b98142536..add333e862 100644
> --- a/libavcodec/aacdec_template.c
> +++ b/libavcodec/aacdec_template.c
> @@ -2389,7 +2389,7 @@ static int decode_extension_payload(AACContext *ac, 
> GetBitContext *gb, int cnt,
>   * @param   decode  1 if tool is used normally, 0 if tool is used in LTP.
>   * @param   coefspectral coefficients
>   */
> -static void apply_tns(INTFLOAT coef[1024], TemporalNoiseShaping *tns,
> +static void apply_tns(INTFLOAT coef_param[1024], TemporalNoiseShaping *tns,
>IndividualChannelStream *ics, int decode)
>  {
>  const int mmm = FFMIN(ics->tns_max_bands, ics->max_sfb);
> @@ -2397,6 +2397,7 @@ static void apply_tns(INTFLOAT coef[1024], 
> TemporalNoiseShaping *tns,
>  int bottom, top, order, start, end, size, inc;
>  INTFLOAT lpc[TNS_MAX_ORDER];
>  INTFLOAT tmp[TNS_MAX_ORDER+1];
> +SUINTFLOAT *coef = coef_param;
>  
>  for (w = 0; w < ics->num_windows; w++) {
>  bottom = ics->num_swb;
> @@ -2426,7 +2427,7 @@ static void apply_tns(INTFLOAT coef[1024], 
> TemporalNoiseShaping *tns,
>  // ar filter
>  for (m = 0; m < size; m++, start += inc)
>  for (i = 1; i <= FFMIN(m, order); i++)
> -coef[start] -= AAC_MUL26(coef[start - i * inc], 
> lpc[i - 1]);
> +coef[start] -= AAC_MUL26((INTFLOAT)coef[start - i * 
> inc], lpc[i - 1]);
>  } else {
>  // ma filter
>  for (m = 0; m < size; m++, start += inc) {

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

Re: [FFmpeg-devel] [PATCH 1/3] avcodec/aacdec_template: Fix undefined integer overflow in apply_tns()

13 matches

Site Navigation

Mail list logo

Footer information