Nuo Mi:
> On Mon, Feb 15, 2021 at 2:02 AM Carl Eugen Hoyos <ceffm...@gmail.com> wrote:
>
>> On Sun, 14 Feb 2021 at 18:57, Nuo Mi <nuomi2...@gmail.com> wrote:
>>
>>>>> https://github.com/FFmpeg/FFmpeg/blob/21346672270ae723aa774a9c8b0749954a75b3df/libavcodec/movtextenc.c#L110
>>>>> s->count * sizeof(*s->style_attributes) never > 32 bits.
>>>>
>>>> This is not correct afaict:
>>>> The relevant line is 369, not 110; count is of type unsigned, and if you
>>>> multiply it with something > 1, it can overflow.
>>>>
>>> You are right, the count is unsigned int, but
>>> https://github.com/FFmpeg/FFmpeg/blob/21346672270ae723aa774a9c8b0749954a75b3df/libavcodec/movtextenc.c#L112
>>> tells us the value is never > 16 bits.
>>
>> No, this is not correct:
>> Line 112 does not know how often line 369 was called.
>>
> Yes, we can check s->count <= UINT16_MAX before 369. It will make sure we
> never overflow.
>
No, it doesn't. There is nothing that guarantees that UINT16_MAX * sizeof(StyleBox) is representable in a size_t. (Remember the compiler can add arbitrary padding in a struct.) But it is nevertheless possible to avoid these warnings on Clang; GCC is a bit stupider, though, and I see no way to avoid the warnings for GCC (the problem is that sizeof isn't available to the preprocessor, so one can't #if this away).

Will send patches soon.
- Andreas

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
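The point Andreas makes above, that bounding `s->count` on its own does not make `count * sizeof(elem)` provably representable in a `size_t`, is easiest to see next to an explicit overflow-checked multiplication. The code below is an added example written for this page; it is not FFmpeg's code and does not reproduce `movtextenc.c`. The `StyleBox` layout, the names `unchecked_bytes`, `mul_size_checked` and `alloc_array_checked`, and the sample values are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: a stand-in element type. It is NOT the real StyleBox from
 * libavcodec/movtextenc.c; only its role in count * sizeof(elem) matters here.
 * The compiler may pad it, so nothing below assumes a particular sizeof. */
typedef struct {
    uint16_t style_start;
    uint16_t style_end;
    uint16_t style_fontID;
    uint8_t  style_flag;
    uint8_t  style_fontsize;
    uint32_t style_color;
} StyleBox;

/* The expression discussed in the thread, unguarded: `count` is unsigned and
 * sizeof yields size_t, so the product is computed in size_t and silently wraps
 * whenever it does not fit. Whether it wraps depends on SIZE_MAX, which is
 * exactly why a bound on count alone proves nothing about the product. */
size_t unchecked_bytes(unsigned count)
{
    return count * sizeof(StyleBox);
}

/* Overflow-safe multiply: succeeds only when nmemb * size is representable in
 * size_t. The guard divides instead of multiplying, so it cannot itself overflow. */
int mul_size_checked(size_t nmemb, size_t size, size_t *out)
{
    if (size != 0 && nmemb > SIZE_MAX / size)
        return 0;
    *out = nmemb * size;
    return 1;
}

/* Array allocation guarded by the checked multiply plus an application-level
 * cap (max_alloc), so both wraparound and absurdly large requests are refused.
 * Returns NULL on either failure. */
void *alloc_array_checked(size_t nmemb, size_t size, size_t max_alloc)
{
    size_t bytes;
    if (!mul_size_checked(nmemb, size, &bytes) || bytes > max_alloc)
        return NULL;
    return malloc(bytes);
}

/* Bounding the count (the proposal in the thread) only helps if sizeof(StyleBox)
 * is bounded too; this pins that second assumption at compile time. It is a
 * compiler check, not a preprocessor one, so it documents the assumption but
 * cannot #if away a warning. */
_Static_assert(sizeof(StyleBox) <= SIZE_MAX / UINT16_MAX,
               "UINT16_MAX StyleBoxes must fit in size_t");

int main(void)
{
    size_t bytes;

    /* Realistic input: a count within the 16-bit bound the thread talks about. */
    if (mul_size_checked(UINT16_MAX, sizeof(StyleBox), &bytes))
        printf("%u * %zu = %zu bytes, fits\n",
               (unsigned)UINT16_MAX, sizeof(StyleBox), bytes);

    /* Hostile input: a count whose product with sizeof exceeds SIZE_MAX. */
    if (!mul_size_checked(SIZE_MAX / sizeof(StyleBox) + 1, sizeof(StyleBox), &bytes))
        printf("product would overflow size_t, allocation refused\n");

    void *p = alloc_array_checked(4, sizeof(StyleBox), 1u << 20);
    printf("alloc_array_checked(4, ...) %s\n", p ? "succeeded" : "failed");
    free(p);
    return 0;
}
```

The division-based guard is the portable form: it needs no knowledge of the element size or of the width of `size_t`, so it holds on 32-bit and 64-bit targets alike and regardless of how the struct is padded.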