[FFmpeg-devel] [PATCH] avcodec/movtextenc: fix compile warning for type-limits

Andreas Rheinhardt andreas.rheinhardt at gmail.com
Sun Feb 14 20:15:01 EET 2021


Nuo Mi:
> On Mon, Feb 15, 2021 at 2:02 AM Carl Eugen Hoyos <ceffmpeg at gmail.com> wrote:
> 
>> On Sun, Feb 14, 2021 at 18:57, Nuo Mi <nuomi2021 at gmail.com> wrote:
>>
>>>>
>> https://github.com/FFmpeg/FFmpeg/blob/21346672270ae723aa774a9c8b0749954a75b3df/libavcodec/movtextenc.c#L110
>>>>>>> s->count * sizeof(*s->style_attributes) never > 32 bits.
>>>>
>>>> This is not correct afaict:
>>>> The relevant line is 369 not 110, count is of type unsigned and if you
>>>> multiply it with something >1, it can overflow.
>>>>
>>> You are right, the count is unsigned int, but
>>>
>> https://github.com/FFmpeg/FFmpeg/blob/21346672270ae723aa774a9c8b0749954a75b3df/libavcodec/movtextenc.c#L112
>>> tells us the value never > 16 bits
>>
>> No, this is not correct:
>> Line 112 does not know how often line 369 was called.
>>
> Yes, we can check s->count <= UINT16_MAX before 369. It will make sure we
> never overflow.
> 
No, it doesn't. There is nothing that guarantees that UINT16_MAX *
sizeof(StyleBox) is representable in a size_t. (Remember the compiler
can add arbitrary padding in a struct.)
But it is nevertheless possible to avoid these warnings on Clang; GCC is
a bit stupider, though, and I see no way to avoid the warnings for GCC
(the problem is that sizeof isn't available to the preprocessor, so one
can't #if this away). Will send patches soon.

- Andreas
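
The overflow concern discussed in this thread, as an added example (not code from FFmpeg or from the patches mentioned above): instead of bounding the count by a constant, the allocation checks the multiplication itself against SIZE_MAX, so the result holds whatever the element size turns out to be. ExampleBox, checked_size_mul and grow_array are hypothetical names, and ExampleBox does not reproduce the real StyleBox layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the element type (assumption, not FFmpeg's
 * StyleBox); the compiler is free to pad it. */
typedef struct ExampleBox {
    uint16_t start, end;
    uint32_t color;
    uint8_t  flags;
} ExampleBox;

/* Store nmemb * size in *out. Returns 0 on success, -1 if the product
 * is not representable in size_t. */
static int checked_size_mul(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return -1;
    *out = nmemb * size;
    return 0;
}

/* Resize *arr to new_count elements of elem_size bytes. On failure the
 * old array is left untouched and -1 is returned. */
static int grow_array(void **arr, unsigned new_count, size_t elem_size)
{
    size_t bytes;
    void *tmp;

    if (new_count == 0 || checked_size_mul(new_count, elem_size, &bytes) < 0)
        return -1;
    tmp = realloc(*arr, bytes);
    if (!tmp)
        return -1;
    *arr = tmp;
    return 0;
}

int main(void)
{
    void *boxes = NULL;
    /* Constructed inputs: one sane request, one whose size cannot fit. */
    int ok  = grow_array(&boxes, 3, sizeof(ExampleBox));
    int bad = grow_array(&boxes, 2, SIZE_MAX);
    printf("grow to 3: %d, overflowing request: %d\n", ok, bad);
    free(boxes);
    return !(ok == 0 && bad == -1);
}
```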

