Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-24 Thread Michael Niedermayer 
On Wed, Nov 22, 2017 at 10:56:07AM -0800, Dale Curtis wrote:
> On Tue, Nov 21, 2017 at 7:05 PM, Michael Niedermayer  > wrote:
> >
> > I dont think wrap_bits can/should be > 64 or do i miss something ?
> >
> 
> Good point, this seems true with the current code.
> 
> 
> >
> > maybe a av_assert* for that would be better.
> >
> 
> Done; used av_assert2().

>  utils.c |5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
> e49bb30e3ddb00bc9f6780c924bfe97e710d7e99  wrap_bits_v5.patch
> From 0297fdc52f043592235d93076f91d38c3df40a14 Mon Sep 17 00:00:00 2001
> From: Dale Curtis 
> Date: Fri, 17 Nov 2017 13:35:56 -0800
> Subject: [PATCH] [avformat] Prevent undefined shift with wrap_bits > 64.
> 
> 2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the
> code to use a uint64_t (2ULL) and add an av_assert2() to
> ensure wrap_bits <= 64.
> 
> Signed-off-by: Dale Curtis 
> ---
>  libavformat/utils.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)

will apply

thx

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-22 Thread Dale Curtis 
On Tue, Nov 21, 2017 at 7:05 PM, Michael Niedermayer  wrote:
>
> I dont think wrap_bits can/should be > 64 or do i miss something ?
>

Good point, this seems true with the current code.


>
> maybe a av_assert* for that would be better.
>

Done; used av_assert2().


wrap_bits_v5.patch
Description: Binary data
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-21 Thread Michael Niedermayer 
On Tue, Nov 21, 2017 at 03:19:38PM -0800, Dale Curtis wrote:
> Ah, realized this approach can work for wrap_bits == 64 too. Updated the
> patch.
> 
> On Mon, Nov 20, 2017 at 5:42 PM, Dale Curtis 
> wrote:
> 
> > On Mon, Nov 20, 2017 at 2:24 PM, Michael Niedermayer <
> > mich...@niedermayer.cc> wrote:
> >
> >>
> >> I think that could end with the correct result
> >>
> >>
> > Thanks for the review. Done.
> >
> > - dale
> >

>  utils.c |6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 37722f8edea291bc79742519d06fbea906031074  wrap_bits_v4.patch
> From 6f087bbdb6499dc21a53fcb838348ea271d4ca5a Mon Sep 17 00:00:00 2001
> From: Dale Curtis 
> Date: Fri, 17 Nov 2017 13:35:56 -0800
> Subject: [PATCH] [avformat] Prevent undefined shift with wrap_bits > 64.
> 
> 2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the
> code to use a uint64_t (2ULL) and apply the check used in other
> places to ensure wrap_bits <= 64.
> 
> Signed-off-by: Dale Curtis 
> ---
>  libavformat/utils.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index ff5e14df6c..2cf8d61e82 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -1738,9 +1738,9 @@ int av_read_frame(AVFormatContext *s, AVPacket *pkt)
>  // current one had no dts, we will set this to 
> AV_NOPTS_VALUE.
>  int64_t last_dts = next_pkt->dts;
>  while (pktl && next_pkt->pts == AV_NOPTS_VALUE) {
> -if (pktl->pkt.stream_index == next_pkt->stream_index &&
> -(av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << 
> (wrap_bits - 1)) < 0)) {
> -if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2LL 
> << (wrap_bits - 1))) {

> +if (pktl->pkt.stream_index == next_pkt->stream_index && 
> wrap_bits <= 64 &&

I dont think wrap_bits can/should be > 64 or do i miss something ?

maybe a av_assert* for that would be better.

Static analyzers like coverity love to assume that a check implies
the possibility of a field having some value. That could lead to
strange things and false positves if its not actually possible


[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Democracy is the form of government in which you can choose your dictator


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-21 Thread Dale Curtis 
Ah, realized this approach can work for wrap_bits == 64 too. Updated the
patch.

On Mon, Nov 20, 2017 at 5:42 PM, Dale Curtis 
wrote:

> On Mon, Nov 20, 2017 at 2:24 PM, Michael Niedermayer <
> mich...@niedermayer.cc> wrote:
>
>>
>> I think that could end with the correct result
>>
>>
> Thanks for the review. Done.
>
> - dale
>
From 6f087bbdb6499dc21a53fcb838348ea271d4ca5a Mon Sep 17 00:00:00 2001
From: Dale Curtis 
Date: Fri, 17 Nov 2017 13:35:56 -0800
Subject: [PATCH] [avformat] Prevent undefined shift with wrap_bits > 64.

2LL << (wrap_bits=64 - 1) does not fit in int64_t; change the
code to use a uint64_t (2ULL) and apply the check used in other
places to ensure wrap_bits <= 64.

Signed-off-by: Dale Curtis 
---
 libavformat/utils.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index ff5e14df6c..2cf8d61e82 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -1738,9 +1738,9 @@ int av_read_frame(AVFormatContext *s, AVPacket *pkt)
 // current one had no dts, we will set this to AV_NOPTS_VALUE.
 int64_t last_dts = next_pkt->dts;
 while (pktl && next_pkt->pts == AV_NOPTS_VALUE) {
-if (pktl->pkt.stream_index == next_pkt->stream_index &&
-(av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << (wrap_bits - 1)) < 0)) {
-if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2LL << (wrap_bits - 1))) {
+if (pktl->pkt.stream_index == next_pkt->stream_index && wrap_bits <= 64 &&
+av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2ULL << (wrap_bits - 1)) < 0) {
+if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2ULL << (wrap_bits - 1))) {
 // not B-frame
 next_pkt->pts = pktl->pkt.dts;
 }
-- 
2.15.0.448.gf294e3d99a-goog

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-20 Thread Dale Curtis 
On Mon, Nov 20, 2017 at 2:24 PM, Michael Niedermayer  wrote:

>
> I think that could end with the correct result
>
>
Thanks for the review. Done.

- dale
From fc7fb3511aa40810e64d9dacbd33d1e9336d0c52 Mon Sep 17 00:00:00 2001
From: Dale Curtis 
Date: Fri, 17 Nov 2017 13:35:56 -0800
Subject: [PATCH] [avformat] Prevent undefined shift with wrap_bits > 63.

2LL << (wrap_bits=63 - 1) does not fit in int64_t; change the
code to use a uint64_t (2ULL) and apply the check used in other
places to ensure wrap_bits <= 63.

Signed-off-by: Dale Curtis 
---
 libavformat/utils.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index ff5e14df6c..08d2f9b2e1 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -1738,9 +1738,9 @@ int av_read_frame(AVFormatContext *s, AVPacket *pkt)
 // current one had no dts, we will set this to AV_NOPTS_VALUE.
 int64_t last_dts = next_pkt->dts;
 while (pktl && next_pkt->pts == AV_NOPTS_VALUE) {
-if (pktl->pkt.stream_index == next_pkt->stream_index &&
-(av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << (wrap_bits - 1)) < 0)) {
-if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2LL << (wrap_bits - 1))) {
+if (pktl->pkt.stream_index == next_pkt->stream_index && wrap_bits < 64 &&
+av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2ULL << (wrap_bits - 1)) < 0) {
+if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2ULL << (wrap_bits - 1))) {
 // not B-frame
 next_pkt->pts = pktl->pkt.dts;
 }
-- 
2.15.0.448.gf294e3d99a-goog

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-20 Thread Michael Niedermayer 
On Mon, Nov 20, 2017 at 01:15:24PM -0800, Dale Curtis wrote:
> On Mon, Nov 20, 2017 at 12:40 PM, Michael Niedermayer <
> mich...@niedermayer.cc> wrote:
> 
> > On Mon, Nov 20, 2017 at 12:05:05PM -0800, Dale Curtis wrote:
> > > On Sat, Nov 18, 2017 at 2:44 AM, Michael Niedermayer
> >  > > > wrote:
> > > >
> > > > this would skip the code for wrap_bits >= 63, this does not look
> > > > correct
> > > >
> > >
> > > Why do you think that's incorrect? The max int64_t value is 1 << 63 and 2
> > > << 63 == 1 << 64 ?
> >
> > I think its incorrect because the change would completely skip the loop
> > but a wrap of "1<<64" would still need pts to be filled in.
> >
> 
> There's no way this code can work with a wrap_bits > 63.  2<<64 > uint64_t.

i dont dispute that, what i meant was more high level

that is, "what that code should be doing", i think is different from
skiping the code


> The best we can do over my change is to make wrap_bits == 63 work by
> changing the line from 2LL << (wrap_bits - 1) to 2ULL << (wrap_bits -
> 1). av_compare_mod takes a uint64_t in this position so that should be
> okay. How does that sound?

I think that could end with the correct result

thanks

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

If a bugfix only changes things apparently unrelated to the bug with no
further explanation, that is a good sign that the bugfix is wrong.


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-20 Thread Dale Curtis 
On Mon, Nov 20, 2017 at 12:40 PM, Michael Niedermayer <
mich...@niedermayer.cc> wrote:

> On Mon, Nov 20, 2017 at 12:05:05PM -0800, Dale Curtis wrote:
> > On Sat, Nov 18, 2017 at 2:44 AM, Michael Niedermayer
>  > > wrote:
> > >
> > > this would skip the code for wrap_bits >= 63, this does not look
> > > correct
> > >
> >
> > Why do you think that's incorrect? The max int64_t value is 1 << 63 and 2
> > << 63 == 1 << 64 ?
>
> I think its incorrect because the change would completely skip the loop
> but a wrap of "1<<64" would still need pts to be filled in.
>

There's no way this code can work with a wrap_bits > 63.  2<<64 > uint64_t.
The best we can do over my change is to make wrap_bits == 63 work by
changing the line from 2LL << (wrap_bits - 1) to 2ULL << (wrap_bits -
1). av_compare_mod takes a uint64_t in this position so that should be
okay. How does that sound?

- dale
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-20 Thread Michael Niedermayer 
On Mon, Nov 20, 2017 at 12:05:05PM -0800, Dale Curtis wrote:
> On Sat, Nov 18, 2017 at 2:44 AM, Michael Niedermayer  > wrote:
> >
> > this would skip the code for wrap_bits >= 63, this does not look
> > correct
> >
> 
> Why do you think that's incorrect? The max int64_t value is 1 << 63 and 2
> << 63 == 1 << 64 ?

I think its incorrect because the change would completely skip the loop
but a wrap of "1<<64" would still need pts to be filled in.

[...]
-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-20 Thread Dale Curtis 
On Sat, Nov 18, 2017 at 2:44 AM, Michael Niedermayer  wrote:
>
> this would skip the code for wrap_bits >= 63, this does not look
> correct
>

Why do you think that's incorrect? The max int64_t value is 1 << 63 and 2
<< 63 == 1 << 64 ?

- dale
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-18 Thread Michael Niedermayer 
On Fri, Nov 17, 2017 at 01:46:39PM -0800, Dale Curtis wrote:
> Derp, actually, 2 << 63 doesn't fit in int64_t either, this check should be
> < 63. Fixed.
> 
> 
> 
> On Fri, Nov 17, 2017 at 1:38 PM, Dale Curtis 
> wrote:
> 
> > 2 << (wrap_bits=64 - 1) does not fit in int64_t; apply the check
> > used in other places that handle wrap bits to ensure the values
> > are <= 63.
> >
> > Signed-off-by: Dale Curtis 
> >
> >

>  utils.c |4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 2f61647f4321bebca803154960f74643d4670ee8  wrap_bits_v2.patch
> From 4ae4992326487ba0e42fa7fcf2a53fe3d4564780 Mon Sep 17 00:00:00 2001
> From: Dale Curtis 
> Date: Fri, 17 Nov 2017 13:35:56 -0800
> Subject: [PATCH] [avformat] Prevent undefined shift with wrap_bits >= 63.
> 
> 2 << (wrap_bits=63 - 1) does not fit in int64_t; apply the check
> used in other places that handle wrap bits to ensure the values
> are < 63.
> 
> Signed-off-by: Dale Curtis 
> ---
>  libavformat/utils.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libavformat/utils.c b/libavformat/utils.c
> index ff5e14df6c..65d111459f 100644
> --- a/libavformat/utils.c
> +++ b/libavformat/utils.c
> @@ -1738,8 +1738,8 @@ int av_read_frame(AVFormatContext *s, AVPacket *pkt)
>  // current one had no dts, we will set this to 
> AV_NOPTS_VALUE.
>  int64_t last_dts = next_pkt->dts;
>  while (pktl && next_pkt->pts == AV_NOPTS_VALUE) {
> -if (pktl->pkt.stream_index == next_pkt->stream_index &&
> -(av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << 
> (wrap_bits - 1)) < 0)) {
> +if (pktl->pkt.stream_index == next_pkt->stream_index && 
> wrap_bits < 63 &&
> +av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << 
> (wrap_bits - 1)) < 0) {

this would skip the code for wrap_bits >= 63, this does not look
correct

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Those who are best at talking, realize last or never when they are wrong.


signature.asc
Description: Digital signature
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel

Re: [FFmpeg-devel] [avformat] Prevent undefined shift with wrap_bits > 63.

2017-11-17 Thread Dale Curtis 
Derp, actually, 2 << 63 doesn't fit in int64_t either, this check should be
< 63. Fixed.



On Fri, Nov 17, 2017 at 1:38 PM, Dale Curtis 
wrote:

> 2 << (wrap_bits=64 - 1) does not fit in int64_t; apply the check
> used in other places that handle wrap bits to ensure the values
> are <= 63.
>
> Signed-off-by: Dale Curtis 
>
>
From 4ae4992326487ba0e42fa7fcf2a53fe3d4564780 Mon Sep 17 00:00:00 2001
From: Dale Curtis 
Date: Fri, 17 Nov 2017 13:35:56 -0800
Subject: [PATCH] [avformat] Prevent undefined shift with wrap_bits >= 63.

2 << (wrap_bits=63 - 1) does not fit in int64_t; apply the check
used in other places that handle wrap bits to ensure the values
are < 63.

Signed-off-by: Dale Curtis 
---
 libavformat/utils.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavformat/utils.c b/libavformat/utils.c
index ff5e14df6c..65d111459f 100644
--- a/libavformat/utils.c
+++ b/libavformat/utils.c
@@ -1738,8 +1738,8 @@ int av_read_frame(AVFormatContext *s, AVPacket *pkt)
 // current one had no dts, we will set this to AV_NOPTS_VALUE.
 int64_t last_dts = next_pkt->dts;
 while (pktl && next_pkt->pts == AV_NOPTS_VALUE) {
-if (pktl->pkt.stream_index == next_pkt->stream_index &&
-(av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << (wrap_bits - 1)) < 0)) {
+if (pktl->pkt.stream_index == next_pkt->stream_index && wrap_bits < 63 &&
+av_compare_mod(next_pkt->dts, pktl->pkt.dts, 2LL << (wrap_bits - 1)) < 0) {
 if (av_compare_mod(pktl->pkt.pts, pktl->pkt.dts, 2LL << (wrap_bits - 1))) {
 // not B-frame
 next_pkt->pts = pktl->pkt.dts;
-- 
2.15.0.448.gf294e3d99a-goog

___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel