[FFmpeg-devel] [PATCH V3] lavfi/nlmeans: Checking number precision when computing integral images

Michael Niedermayer michael at niedermayer.cc
Thu Mar 7 22:27:51 EET 2019


On Thu, Mar 07, 2019 at 09:18:42PM +0100, Michael Niedermayer wrote:
> On Thu, Mar 07, 2019 at 09:45:12AM +0800, Jun Zhao wrote:
> > From: Jun Zhao <barryjzhao at tencent.com>
> > 
> > accumulation of 8-bits uint_8 (uint8_t *src) into 32-bits (uint32_t *ii)
> > data type, it will have a risk of an integral value becoming larger than
> > the 32-bits integer capacity and resulting in an integer overflow. For
> > this risk, add a checking with warning message.
> > 
> > Signed-off-by: Jun Zhao <barryjzhao at tencent.com>
> > ---
> >  libavfilter/vf_nlmeans.c |    7 +++++++
> >  1 files changed, 7 insertions(+), 0 deletions(-)
> > 
> > diff --git a/libavfilter/vf_nlmeans.c b/libavfilter/vf_nlmeans.c
> > index dcb5a03..9876aae 100644
> > --- a/libavfilter/vf_nlmeans.c
> > +++ b/libavfilter/vf_nlmeans.c
> > @@ -236,6 +236,13 @@ static void compute_ssd_integral_image(const NLMeansDSPContext *dsp,
> >      // adjusted end x position of the safe area after width of the safe area gets aligned
> >      const int endx_safe = startx_safe + safe_pw;
> >  
> > +    // accumulation of 8-bits uint_8 (uint8_t *src) into 32-bits (uint32_t *ii)
> > +    // data type, it will have a risk of an integral value becoming larger than
> > +    // the 32-bits integer capacity and resulting in an integer overflow.
> > +    if ((UINT32_MAX / (uint64_t)w) < (255 * (uint64_t)h))
> > +        av_log(NULL, AV_LOG_WARNING,
> > +               "image (%d x %d) integral value may overflow.\n", w ,h);
> 
> Printing a warning is not an adequate response for a integer overflow.
> Such thing is undefined behavior (in case signed of signed int) and must
> not occur.

And if no signed ints are involved, while this is then not undefined it still
gives the wrong result. Thats a bug, the bug should be fixed not a warning
be printed that the bug might be triggered

Thanks

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

There will always be a question for which you do not know the correct answer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20190307/5dc03a0e/attachment.sig>


More information about the ffmpeg-devel mailing list