[FFmpeg-devel] [PATCH] ffmdec: sanitize codec parameters
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Thu Nov 17 20:35:01 EET 2016
On 17.11.2016 02:26, Michael Niedermayer wrote:
> On Thu, Nov 17, 2016 at 01:08:31AM +0100, Andreas Cadhalpun wrote:
>> + SANITIZE_PARAMETER(pix_fmt, "pixel format", codec->pix_fmt < AV_PIX_FMT_NONE || codec->pix_fmt > AV_PIX_FMT_NB, AV_PIX_FMT_NONE)
>> + SANITIZE_PARAMETER(bits_per_coded_sample, "bits per coded sample", codec->bits_per_coded_sample < 0, 0)
>> + SANITIZE_PARAMETER(bits_per_raw_sample, "bits per raw sample", codec->bits_per_raw_sample < 0, 0)
>> + SANITIZE_PARAMETER(extradata_size, "extradata size", codec->extradata_size < 0 || codec->extradata_size >= FF_MAX_EXTRADATA_SIZE, 0)
>> + SANITIZE_PARAMETER(color_range, "color range", (unsigned)codec->color_range > AVCOL_RANGE_NB, AVCOL_RANGE_UNSPECIFIED)
>> + SANITIZE_PARAMETER(color_primaries, "color primaries", (unsigned)codec->color_primaries > AVCOL_PRI_NB, AVCOL_PRI_UNSPECIFIED)
>> + SANITIZE_PARAMETER(color_trc, "color transfer characteristics ", (unsigned)codec->color_trc > AVCOL_TRC_NB, AVCOL_TRC_UNSPECIFIED)
>> + SANITIZE_PARAMETER(colorspace, "color space", (unsigned)codec->colorspace > AVCOL_SPC_NB, AVCOL_SPC_UNSPECIFIED)
>> + SANITIZE_PARAMETER(chroma_sample_location, "chroma location", (unsigned)codec->chroma_sample_location > AVCHROMA_LOC_NB, AVCHROMA_LOC_UNSPECIFIED)
>> + SANITIZE_PARAMETER(has_b_frames, "video delay", codec->has_b_frames < 0, 0)
>> + SANITIZE_PARAMETER(sample_fmt, "sample format", codec->sample_fmt < AV_SAMPLE_FMT_NONE || codec->sample_fmt > AV_SAMPLE_FMT_NB, AV_SAMPLE_FMT_NONE)
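Review bot: the upper bounds in the enum checks look off by one. The pix_fmt and sample_fmt lines test "> AV_PIX_FMT_NB" and "> AV_SAMPLE_FMT_NB", and the color_range, color_primaries, color_trc, colorspace and chroma_sample_location lines test "(unsigned)... > ..._NB". Each of these lets the value equal to the _NB sentinel through, and that sentinel is the number of entries, not a valid entry. A file carrying exactly that value is not reset to the default and reaches any later code that assumes the field is below _NB. Suggest ">=" for all seven, which matches the extradata_size line that already uses ">= FF_MAX_EXTRADATA_SIZE". Minor: the "color transfer characteristics " label has a trailing space inside the string that will show up in the log message.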
>
> This breaks API/ABI

You mean this uses private API/ABI.

> for example AVCOL_SPC_NB is not part of the public API of libavutil

But it's already used in e.g. libavcodec/options_table.h -- which reminds
me that this is a much better place to sanitize options.
I'll send a separate patch doing that. Attached is an updated version
of this patch.

> one should be able to use av_color_space_name() to detect invalid color
> spaces

Indeed, that would have worked, too.

Best regards,
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-ffmdec-sanitize-codec-parameters.patch
Type: text/x-diff
Size: 10167 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20161117/e2b7069e/attachment.patch>