[FFmpeg-devel] [PATCH 2/4] cbs_mpeg2: Improve checks for invalid values

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Sun Apr 21 17:04:02 EEST 2019


horizontal/vertical_size_value (containing the twelve least significant
bits of the frame size) mustn't be zero according to the specifications;
and the value 0 is forbidden for the colour_description elements.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>
---
 libavcodec/cbs_mpeg2.c                 | 17 ++++++++++-------
 libavcodec/cbs_mpeg2_syntax_template.c | 10 +++++-----
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/libavcodec/cbs_mpeg2.c b/libavcodec/cbs_mpeg2.c
index 41f16bbabf..066ea83970 100644
--- a/libavcodec/cbs_mpeg2.c
+++ b/libavcodec/cbs_mpeg2.c
@@ -42,19 +42,22 @@
 
 #define ui(width, name) \
         xui(width, name, current->name, 0)
+#define uir(width, name, range_min, range_max) \
+        xuir(width, name, current->name, range_min, range_max, 0)
 #define uis(width, name, subs, ...) \
         xui(width, name, current->name, subs, __VA_ARGS__)
-
+#define xui(width, name, var, subs, ...) \
+        xuir(width, name, var, 0, (1 << width) - 1, subs, __VA_ARGS__)
 
 #define READ
 #define READWRITE read
 #define RWContext GetBitContext
 
-#define xui(width, name, var, subs, ...) do { \
+#define xuir(width, name, var, range_min, range_max, subs, ...) do { \
         uint32_t value = 0; \
         CHECK(ff_cbs_read_unsigned(ctx, rw, width, #name, \
                                    SUBSCRIPTS(subs, __VA_ARGS__), \
-                                   &value, 0, (1 << width) - 1)); \
+                                   &value, range_min, range_max)); \
         var = value; \
     } while (0)
 
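Review bot: The default upper bound in the new `xui` definition, `(1 << width) - 1`, shifts a signed `int` and leaves `width` unparenthesized, so a field of width 31 overflows and a width of 32 is undefined behaviour before the bound ever reaches the range check. Since this bound now gates values parsed from the bitstream, it is worth making it well-defined: `xuir(width, name, var, 0, (UINT32_C(1) << (width)) - 1, subs, __VA_ARGS__)`, with a separate case if any caller uses width 32. Whether any field in the syntax template is that wide is not visible in this hunk.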
@@ -72,7 +75,7 @@
 #undef READ
 #undef READWRITE
 #undef RWContext
-#undef xui
+#undef xuir
 #undef marker_bit
 #undef nextbits
 
@@ -81,10 +84,10 @@
 #define READWRITE write
 #define RWContext PutBitContext
 
-#define xui(width, name, var, subs, ...) do { \
+#define xuir(width, name, var, range_min, range_max, subs, ...) do { \
         CHECK(ff_cbs_write_unsigned(ctx, rw, width, #name, \
                                     SUBSCRIPTS(subs, __VA_ARGS__), \
-                                    var, 0, (1 << width) - 1)); \
+                                    var, range_min, range_max)); \
     } while (0)
 
 #define marker_bit() do { \
@@ -98,7 +101,7 @@
 #undef READ
 #undef READWRITE
 #undef RWContext
-#undef xui
+#undef xuir
 #undef marker_bit
 #undef nextbits
 
diff --git a/libavcodec/cbs_mpeg2_syntax_template.c b/libavcodec/cbs_mpeg2_syntax_template.c
index 10aaea7734..745a123649 100644
--- a/libavcodec/cbs_mpeg2_syntax_template.c
+++ b/libavcodec/cbs_mpeg2_syntax_template.c
@@ -26,8 +26,8 @@ static int FUNC(sequence_header)(CodedBitstreamContext *ctx, RWContext *rw,
 
     ui(8,  sequence_header_code);
 
-    ui(12, horizontal_size_value);
-    ui(12, vertical_size_value);
+    uir(12, horizontal_size_value, 1, 4095);
+    uir(12, vertical_size_value,   1, 4095);
 
     mpeg2->horizontal_size = current->horizontal_size_value;
     mpeg2->vertical_size   = current->vertical_size_value;
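Review bot: The lower bound of 1 on `horizontal_size_value` and `vertical_size_value` carries no comment saying where it comes from, and the upper bound 4095 only restates what the 12-bit width already implies. A short comment above the two `uir` lines would keep a later edit from relaxing the check, e.g. `/* The 12 LSBs of the frame size must not be zero. */`. The check constrains only the low 12 bits; the assignments to `mpeg2->horizontal_size` and `mpeg2->vertical_size` just below take the value as is, and any handling of size extension bits is outside this hunk. The body of sequence_header starts and ends outside the hunk.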
@@ -125,9 +125,9 @@ static int FUNC(sequence_display_extension)(CodedBitstreamContext *ctx, RWContex
 
     ui(1, colour_description);
     if (current->colour_description) {
-        ui(8, colour_primaries);
-        ui(8, transfer_characteristics);
-        ui(8, matrix_coefficients);
+        uir(8, colour_primaries,         1, 255);
+        uir(8, transfer_characteristics, 1, 255);
+        uir(8, matrix_coefficients,      1, 255);
     }
 
     ui(14, display_horizontal_size);
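Review bot: With the new `uir(8, ..., 1, 255)` bounds, a `colour_primaries`, `transfer_characteristics` or `matrix_coefficients` of 0 presumably becomes a read error for the whole sequence display extension, and on the write side a refusal to serialise; the `CHECK` macro that decides this is defined outside the patch. That is a strict fail-closed choice for descriptive metadata, so if it is intended it should be stated next to the checks, e.g. `/* 0 is forbidden for these elements; reject rather than pass it on. */`, so callers know a nonconforming stream will not parse. The function's body continues outside the hunk.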
-- 
2.21.0


