[FFmpeg-devel] [PATCH] gifdec: use truncated width for image manipulation

Christophe Gisquet christophe.gisquet at gmail.com
Sun Aug 17 21:47:25 CEST 2014


Hi,

2014-08-17 20:39 GMT+02:00 Michael Niedermayer <michaelni at gmx.at>:
>> +    if (width > s->screen_width) {
>> +        av_log(s->avctx, AV_LOG_ERROR, "Invalid image width.\n");
>> +        return AVERROR_INVALIDDATA;
>> +    }
>> +    if (left + width > s->screen_width) {
>> +        /* width must be kept around to avoid lzw vs line desync */
>> +        pw = s->screen_width - left;
>> +        av_log(s->avctx, AV_LOG_WARNING, "Image too wide by %d, truncating.\n",
>> +               left + width - s->screen_width);
>> +    } else {
>> +        pw = width;
>> +    }
>> +    if (top + height > s->screen_height) {
>> +        /* we don't care about the extra invisible lines */
>> +        av_log(s->avctx, AV_LOG_WARNING, "Image too high by %d, truncating.\n",
>> +               top + height - s->screen_height);
>> +        height = s->screen_height - top;
>> +    }
>
> i think these need a check for top >= s->screen_height and
> left >= s->screen_width

Because of integer wraparound/overflow/... and/or values being
potentially negative? If yes, I don't think it can happen:
    left   = bytestream2_get_le16u(&s->gb);
    top    = bytestream2_get_le16u(&s->gb);
    width  = bytestream2_get_le16u(&s->gb);
    height = bytestream2_get_le16u(&s->gb);

And the conditions are then already part of the new checks, right?

-- 
Christophe


More information about the ffmpeg-devel mailing list