[FFmpeg-cvslog] tests/tiny_ssim: check dimensions

Michael Niedermayer git at videolan.org
Mon May 5 18:57:45 CEST 2014


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Mon May  5 18:39:30 2014 +0200| [a69e16a97e40f3841766347bd0c0ba2c672c51ca] | committer: Michael Niedermayer

tests/tiny_ssim: check dimensions

Fix integer overflow

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a69e16a97e40f3841766347bd0c0ba2c672c51ca
---

 tests/tiny_ssim.c |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/tests/tiny_ssim.c b/tests/tiny_ssim.c
index fe65e47..767a0fe 100644
--- a/tests/tiny_ssim.c
+++ b/tests/tiny_ssim.c
@@ -29,6 +29,7 @@
 
 #include "config.h"
 #include <inttypes.h>
+#include <limits.h>
 #include <math.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -195,7 +196,13 @@ int main(int argc, char* argv[])
     f[0] = fopen(argv[1], "rb");
     f[1] = fopen(argv[2], "rb");
     sscanf(argv[3], "%dx%d", &w, &h);
-    frame_size = w*h*3/2;
+
+    if (w<=0 || h<=0 || w*(int64_t)h >= INT_MAX/3 || 2LL*w+12 >= INT_MAX / sizeof(*temp)) {
+        fprintf(stderr, "Dimensions are too large\n");
+        return -2;
+    }
+
+    frame_size = w*h*3LL/2;
     for( i=0; i<2; i++ )
     {
         buf[i] = malloc(frame_size);



More information about the ffmpeg-cvslog mailing list