[FFmpeg-devel] [PATCH 3/3] avcodec/mlpdec: Check quant_step_size against huff_lsbs

Michael Niedermayer michael at niedermayer.cc
Sun Jun 4 00:30:52 EEST 2017


On Mon, May 22, 2017 at 05:36:10PM +0200, Michael Niedermayer wrote:
> On Sun, May 21, 2017 at 01:42:18PM +0200, wm4 wrote:
> > On Sat, 20 May 2017 23:01:04 +0200
> > Michael Niedermayer <michael at niedermayer.cc> wrote:
> > 
> > > This reorders the operations so as to avoid computations with the above arguments
> > > before they have been initialized.
> > > Fixes part of 1708/clusterfuzz-testcase-minimized-5035111957397504
> > > 
> > > Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/targets/ffmpeg
> > > Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> > > ---
> > >  libavcodec/mlpdec.c | 34 +++++++++++++++++++++++++---------
> > >  1 file changed, 25 insertions(+), 9 deletions(-)
> > > 
> > > diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c
> > > index c0a23c5f0d..11be380d27 100644
> > > --- a/libavcodec/mlpdec.c
> > > +++ b/libavcodec/mlpdec.c
> > > @@ -825,8 +825,6 @@ static int read_channel_params(MLPDecodeContext *m, unsigned int substr,
> > >          return AVERROR_INVALIDDATA;
> > >      }
> > >  
> > > -    cp->sign_huff_offset = calculate_sign_huff(m, substr, ch);
> > > -
> > >      return 0;
> > >  }
> > >  
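Review bot: With the calculate_sign_huff() call removed from the end of read_channel_params(), the function now returns 0 while cp->sign_huff_offset still holds the value from before the new parameters were read, and nothing in the function says so. A one-line comment at this return, or at the function head, stating that the caller must recompute sign_huff_offset after the call would keep any other caller from using the old offset.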
> > > @@ -838,7 +836,8 @@ static int read_decoding_params(MLPDecodeContext *m, GetBitContext *gbp,
> > >  {
> > >      SubStream *s = &m->substream[substr];
> > >      unsigned int ch;
> > > -    int ret;
> > > +    int ret = 0;
> > > +    unsigned recompute_sho = 0;
> > >  
> > >      if (s->param_presence_flags & PARAM_PRESENCE)
> > >          if (get_bits1(gbp))
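Review bot: `unsigned recompute_sho = 0;` is used as a per-channel bitmask, but the declaration carries no comment and its width limits how many channels it can track. Suggest a short comment naming it as the set of channels whose sign_huff_offset needs recomputing, and stating the assumption that s->max_channel stays below the bit width of unsigned.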
> > > @@ -878,19 +877,36 @@ static int read_decoding_params(MLPDecodeContext *m, GetBitContext *gbp,
> > >      if (s->param_presence_flags & PARAM_QUANTSTEP)
> > >          if (get_bits1(gbp))
> > >              for (ch = 0; ch <= s->max_channel; ch++) {
> > > -                ChannelParams *cp = &s->channel_params[ch];
> > > -
> > >                  s->quant_step_size[ch] = get_bits(gbp, 4);
> > >  
> > > -                cp->sign_huff_offset = calculate_sign_huff(m, substr, ch);
> > > +                recompute_sho |= 1<<ch;
> > >              }
> > >  
> > >      for (ch = s->min_channel; ch <= s->max_channel; ch++)
> > > -        if (get_bits1(gbp))
> > > +        if (get_bits1(gbp)) {
> > > +            recompute_sho |= 1<<ch;
> > >              if ((ret = read_channel_params(m, substr, gbp, ch)) < 0)
> > > -                return ret;
> > > +                goto fail;
> > > +        }
> > >  
> > > -    return 0;
> > > +
> > 
> > 
> > > +fail:
> > > +    for (ch = 0; ch <= s->max_channel; ch++) {
> > > +        if (recompute_sho & (1<<ch)) {
> > > +            ChannelParams *cp = &s->channel_params[ch];
> > > +
> > > +            if (cp->codebook > 0 && cp->huff_lsbs < s->quant_step_size[ch]) {
> > > +                if (ret >= 0) {
> > > +                    av_log(m->avctx, AV_LOG_ERROR, "quant_step_size larger than huff_lsbs\n");
> > > +                    ret = AVERROR_INVALIDDATA;
> > > +                }
> > > +                s->quant_step_size[ch] = 0;
> > > +            }
> > > +
> > > +            cp->sign_huff_offset = calculate_sign_huff(m, substr, ch);
> > > +        }
> > > +    }
> > > +    return ret;
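Review bot: The `fail:` label is also reached by fall-through on the success path, where it runs the quant_step_size check and the sign_huff_offset recomputation, so the name misreads as error-only cleanup; a neutral name such as `finish:` would match what the block does. In the same hunk, `1<<ch` shifts a signed int in both `recompute_sho |= 1<<ch;` lines and in the loop test; `1U << ch` keeps the mask arithmetic unsigned to match recompute_sho. It is also worth a comment that after `goto fail` the loop still recomputes the offset for the channel whose read_channel_params() call returned an error.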
> > 
> > What's all this stuff for?
> 
> As described in the commit message it
> "Check quant_step_size against huff_lsbs"
> 
> both these are updated independently and conditionally, so the loop
> checking them is separate after both which is ugly.
> If you have an idea how to do this cleaner ...
> 
> as it is in git the case checked for results in negative shift
> exponents

applied

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It's not that you shouldn't use gotos but rather that you should write
readable code and code with gotos often but not always is less readable