From f722313c743663dcf48d6650d18a4b99165a8d72 Mon Sep 17 00:00:00 2001 From: Wan-Teh Chang Date: Thu, 4 Jun 2026 15:47:51 -0700 Subject: [PATCH] Validate int param is not INT_MIN before negating Validate that an int parameter is not equal to INT_MIN before negating it. Remove redundant src_width > 32768 || src_height > 32768 checks in callers of ScalePlane(), ScalePlane_16(), ScalePlane_12(), and UVScale(). Change UVScale() to validate its parameters in the same way as ScalePlane(), ScalePlane_16(), and ScalePlane_12(). Change-Id: I64e03257cf090760030c966b49c4d23e4cec25e5 Reviewed-on: https://chromium-review.googlesource.com/c/libyuv/libyuv/+/7902889 Reviewed-by: Frank Barchard Commit-Queue: Wan-Teh Chang --- source/convert.cc | 42 ++++++++++---------- source/scale.cc | 96 +++++++++++++++++++++++----------------------- source/scale_uv.cc | 4 +- 3 files changed, 71 insertions(+), 71 deletions(-) diff --git a/source/convert.cc b/source/convert.cc index 84198c137..c5e4be418 100644 --- a/source/convert.cc +++ b/source/convert.cc @@ -57,16 +57,16 @@ static int I4xxToI420(const uint8_t* src_y, int src_y_height, int src_uv_width, int src_uv_height) { + int r; + if ((!src_y && dst_y) || !src_u || !src_v || !dst_u || !dst_v || + src_y_width <= 0 || src_y_height == 0 || src_y_height == INT_MIN || + src_uv_width <= 0 || src_uv_height == 0) { + return -1; + } const int dst_y_width = src_y_width; const int dst_y_height = Abs(src_y_height); const int dst_uv_width = SUBSAMPLE(dst_y_width, 1, 1); const int dst_uv_height = SUBSAMPLE(dst_y_height, 1, 1); - int r; - if ((!src_y && dst_y) || !src_u || !src_v || !dst_u || !dst_v || - src_y_width <= 0 || src_y_height == 0 || src_uv_width <= 0 || - src_uv_height == 0) { - return -1; - } if (dst_y) { CopyPlane(src_y, src_stride_y, dst_y, dst_stride_y, src_y_width, src_y_height); @@ -184,13 +184,13 @@ static int Planar16bitTo8bit(const uint16_t* src_y, int subsample_x, int subsample_y, int depth) { - int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); - int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); - int scale = 1 << (24 - depth); if ((!src_y && dst_y) || !src_u || !src_v || !dst_u || !dst_v || width <= 0 || height == 0 || height == INT_MIN) { return -1; } + int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); + int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); + int scale = 1 << (24 - depth); // Negative height means invert the image. if (height < 0) { height = -height; @@ -533,17 +533,17 @@ static int Ix10ToI010(const uint16_t* src_y, int height, int subsample_x, int subsample_y) { + int r; + if ((!src_y && dst_y) || !src_u || !src_v || !dst_u || !dst_v || width <= 0 || + height == 0 || height == INT_MIN) { + return -1; + } const int dst_y_width = width; const int dst_y_height = Abs(height); const int src_uv_width = SUBSAMPLE(width, subsample_x, subsample_x); const int src_uv_height = SUBSAMPLE(height, subsample_y, subsample_y); const int dst_uv_width = SUBSAMPLE(dst_y_width, 1, 1); const int dst_uv_height = SUBSAMPLE(dst_y_height, 1, 1); - int r; - if ((!src_y && dst_y) || !src_u || !src_v || !dst_u || !dst_v || width <= 0 || - height == 0 || height == INT_MIN) { - return -1; - } if (dst_y) { CopyPlane_16(src_y, src_stride_y, dst_y, dst_stride_y, width, height); } @@ -613,11 +613,11 @@ static int IxxxToPxxx(const uint16_t* src_y, int subsample_x, int subsample_y, int depth) { - const int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); - const int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); if (width <= 0 || height == 0 || height == INT_MIN) { return -1; } + const int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); + const int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); ConvertToMSBPlane_16(src_y, src_stride_y, dst_y, dst_stride_y, width, height, depth); @@ -4216,13 +4216,13 @@ static int Biplanar16bitTo8bit(const uint16_t* src_y, int subsample_x, int subsample_y, int depth) { - int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); - int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); - int scale = 1 << (24 - depth); if ((!src_y && dst_y) || !src_uv || !dst_uv || width <= 0 || height == 0 || height == INT_MIN) { return -1; } + int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); + int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); + int scale = 1 << (24 - depth); // Negative height means invert the image. if (height < 0) { height = -height; @@ -4283,12 +4283,12 @@ static int Planar8bitTo8bit(const uint8_t* src_y, int bias_y, int scale_uv, int bias_uv) { - int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); - int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); if ((!src_y && dst_y) || !src_u || !src_v || !dst_u || !dst_v || width <= 0 || height == 0 || height == INT_MIN) { return -1; } + int uv_width = SUBSAMPLE(width, subsample_x, subsample_x); + int uv_height = SUBSAMPLE(height, subsample_y, subsample_y); // Negative height means invert the image. if (height < 0) { height = -height; diff --git a/source/scale.cc b/source/scale.cc index c504365ae..0064a0991 100644 --- a/source/scale.cc +++ b/source/scale.cc @@ -2224,17 +2224,17 @@ int I420Scale(const uint8_t* src_y, int dst_width, int dst_height, enum FilterMode filtering) { + int r; + + if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { + return -1; + } int src_halfwidth = SUBSAMPLE(src_width, 1, 1); int src_halfheight = SUBSAMPLE(src_height, 1, 1); int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); int dst_halfheight = SUBSAMPLE(dst_height, 1, 1); - int r; - - if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { - return -1; - } r = ScalePlane(src_y, src_stride_y, src_width, src_height, dst_y, dst_stride_y, dst_width, dst_height, filtering); @@ -2269,17 +2269,17 @@ int I420Scale_16(const uint16_t* src_y, int dst_width, int dst_height, enum FilterMode filtering) { + int r; + + if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { + return -1; + } int src_halfwidth = SUBSAMPLE(src_width, 1, 1); int src_halfheight = SUBSAMPLE(src_height, 1, 1); int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); int dst_halfheight = SUBSAMPLE(dst_height, 1, 1); - int r; - - if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { - return -1; - } r = ScalePlane_16(src_y, src_stride_y, src_width, src_height, dst_y, dst_stride_y, dst_width, dst_height, filtering); @@ -2314,17 +2314,17 @@ int I420Scale_12(const uint16_t* src_y, int dst_width, int dst_height, enum FilterMode filtering) { + int r; + + if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { + return -1; + } int src_halfwidth = SUBSAMPLE(src_width, 1, 1); int src_halfheight = SUBSAMPLE(src_height, 1, 1); int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); int dst_halfheight = SUBSAMPLE(dst_height, 1, 1); - int r; - - if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { - return -1; - } r = ScalePlane_12(src_y, src_stride_y, src_width, src_height, dst_y, dst_stride_y, dst_width, dst_height, filtering); @@ -2365,8 +2365,8 @@ int I444Scale(const uint8_t* src_y, int r; if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { return -1; } @@ -2406,8 +2406,8 @@ int I444Scale_16(const uint16_t* src_y, int r; if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { return -1; } @@ -2447,8 +2447,8 @@ int I444Scale_12(const uint16_t* src_y, int r; if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { return -1; } @@ -2488,15 +2488,15 @@ int I422Scale(const uint8_t* src_y, int dst_width, int dst_height, enum FilterMode filtering) { - int src_halfwidth = SUBSAMPLE(src_width, 1, 1); - int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); int r; if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { return -1; } + int src_halfwidth = SUBSAMPLE(src_width, 1, 1); + int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); r = ScalePlane(src_y, src_stride_y, src_width, src_height, dst_y, dst_stride_y, dst_width, dst_height, filtering); @@ -2531,15 +2531,15 @@ int I422Scale_16(const uint16_t* src_y, int dst_width, int dst_height, enum FilterMode filtering) { - int src_halfwidth = SUBSAMPLE(src_width, 1, 1); - int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); int r; if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { return -1; } + int src_halfwidth = SUBSAMPLE(src_width, 1, 1); + int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); r = ScalePlane_16(src_y, src_stride_y, src_width, src_height, dst_y, dst_stride_y, dst_width, dst_height, filtering); @@ -2574,15 +2574,15 @@ int I422Scale_12(const uint16_t* src_y, int dst_width, int dst_height, enum FilterMode filtering) { - int src_halfwidth = SUBSAMPLE(src_width, 1, 1); - int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); int r; if (!src_y || !src_u || !src_v || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_u || !dst_v || dst_width <= 0 || dst_height <= 0) { + src_height == INT_MIN || !dst_y || !dst_u || !dst_v || dst_width <= 0 || + dst_height <= 0) { return -1; } + int src_halfwidth = SUBSAMPLE(src_width, 1, 1); + int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); r = ScalePlane_12(src_y, src_stride_y, src_width, src_height, dst_y, dst_stride_y, dst_width, dst_height, filtering); @@ -2616,17 +2616,17 @@ int NV12Scale(const uint8_t* src_y, int dst_width, int dst_height, enum FilterMode filtering) { + int r; + + if (!src_y || !src_uv || src_width <= 0 || src_height == 0 || + src_height == INT_MIN || !dst_y || !dst_uv || dst_width <= 0 || + dst_height <= 0) { + return -1; + } int src_halfwidth = SUBSAMPLE(src_width, 1, 1); int src_halfheight = SUBSAMPLE(src_height, 1, 1); int dst_halfwidth = SUBSAMPLE(dst_width, 1, 1); int dst_halfheight = SUBSAMPLE(dst_height, 1, 1); - int r; - - if (!src_y || !src_uv || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_uv || dst_width <= 0 || dst_height <= 0) { - return -1; - } r = ScalePlane(src_y, src_stride_y, src_width, src_height, dst_y, dst_stride_y, dst_width, dst_height, filtering); @@ -2655,8 +2655,8 @@ int NV24Scale(const uint8_t* src_y, int r; if (!src_y || !src_uv || src_width <= 0 || src_height == 0 || - src_height == INT_MIN || src_width > 32768 || src_height > 32768 || - !dst_y || !dst_uv || dst_width <= 0 || dst_height <= 0) { + src_height == INT_MIN || !dst_y || !dst_uv || dst_width <= 0 || + dst_height <= 0) { return -1; } diff --git a/source/scale_uv.cc b/source/scale_uv.cc index 3574bbe7b..43a464732 100644 --- a/source/scale_uv.cc +++ b/source/scale_uv.cc @@ -1061,8 +1061,8 @@ int UVScale(const uint8_t* src_uv, int dst_width, int dst_height, enum FilterMode filtering) { - if (!src_uv || src_width <= 0 || src_height == 0 || src_height == INT_MIN || - src_width > 32768 || src_height > 32768 || !dst_uv || dst_width <= 0 || + if (!src_uv || src_width <= 0 || src_height == 0 || src_width > 32768 || + src_height < -32768 || src_height > 32768 || !dst_uv || dst_width <= 0 || dst_height <= 0) { return -1; }