[FFmpeg-devel] Re: [PATCH] avcodec/dxv: fix index validation against texture size

Wed, 07 Jan 2026 19:21:35 -0800 

Hi 0xBat

On Mon, Jan 05, 2026 at 01:35:00AM +0100, 0xBat via ffmpeg-devel wrote:
> Validate the calculated index against both the current position and the total 
> texture size to prevent out-of-bounds memory access.
> 
> Signed-off-by: 0xBat <[email protected]>
> ---
>  libavcodec/dxv.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavcodec/dxv.c b/libavcodec/dxv.c
> index 07eee253e7..8d11dfe1a1 100644
> --- a/libavcodec/dxv.c
> +++ b/libavcodec/dxv.c
> @@ -72,8 +72,8 @@ typedef struct DXVContext {
>              idx = x;                                                         
>  \
>              break;                                                           
>  \
>          case 2:                                                              
>  \
> -            idx = (bytestream2_get_byte(gbc) + 2) * x;                       
>  \
> -            if (idx > pos) {                                                 
>  \
> +            idx = (bytestream2_get_byte(gbc) + 2) * x;
> +            if (idx > pos || idx > ctx->tex_size) {                          
>  \
>                  av_log(avctx, AV_LOG_ERROR, "idx %d > %d\n", idx, pos);      
>  \

this is a syntax error, that macro doesnt build


src/libavcodec/dxv.c:76:13: error: expected identifier or ‘(’ before ‘if’
   76 |             if (idx > pos || idx > ctx->tex_size) {                     
      \
      |             ^~
src/libavcodec/dxv.c:80:13: error: expected identifier or ‘(’ before ‘break’
   80 |             break;                                                      
      \
      |             ^~~~~
src/libavcodec/dxv.c:81:9: error: expected identifier or ‘(’ before ‘case’
   81 |         case 3:                                                         
      \
      |         ^~~~
src/libavcodec/dxv.c:83:13: error: expected identifier or ‘(’ before ‘if’
   83 |             if (idx > pos) {                                            
      \
      |             ^~
src/libavcodec/dxv.c:87:13: error: expected identifier or ‘(’ before ‘break’
   87 |             break;                                                      
      \
      |             ^~~~~
src/libavcodec/dxv.c:88:9: error: expected identifier or ‘(’ before ‘}’ token
   88 |         }                                                               
      \
      |         ^
src/libavcodec/dxv.c:89:5: error: expected identifier or ‘(’ before ‘}’ token
   89 |     } while(0)
      |     ^
src/libavcodec/dxv.c:89:7: error: expected identifier or ‘(’ before ‘while’
   89 |     } while(0)
      |       ^~~~~
make: *** [src/ffbuild/common.mak:90: libavcodec/dxv.o] Error 1


[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Awnsering whenever a program halts or runs forever is
On a turing machine, in general impossible (turings halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.

Attachment: signature.asc
Description: PGP signature

_______________________________________________
ffmpeg-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to