Audit avifImageYUVAnyToRGBAnySlow(): use signed arithmetic for UV sam…#3063
Audit avifImageYUVAnyToRGBAnySlow(): use signed arithmetic for UV sam…#3063rootvector2 wants to merge 3 commits intoAOMediaCodec:mainfrom
Conversation
|
Dexter.k: Thank you for the pull request. We are in the middle of creating the libavif v1.4.0 release. I will review this PR next week. |
| const uint8_t * ptrU8 = uPlane ? &uPlane[(uvJ * uRowBytes)] : NULL; | ||
| const uint8_t * ptrV8 = vPlane ? &vPlane[(uvJ * vRowBytes)] : NULL; | ||
| const uint8_t * ptrA8 = aPlane ? &aPlane[j * aRowBytes] : NULL; | ||
| const uint8_t * ptrY8 = &yPlane[(size_t)j * yRowBytes]; |
There was a problem hiding this comment.
Please use uint64_t as size_t can be 32 bit on 32 bit platforms.
There was a problem hiding this comment.
Vincent: Please see my comment at #3097 (review), which explains why we can multiply rowBytes by height or an index that is less than height using the size_t type after the pixel buffer has been allocated successfully.
This is why libavif uses the size_t type in such multiplications. Before we allocate a pixel buffer, it is not safe to do these multiplications using the size_t type, so we need to either detect overflow or use the uin64_t type.
In the avifImageYUVAnyToRGBAnySlow() function (the subject of this pull request), we may multiply rowBytes by -1 to go back the the previous row, so we need to use the signed ptrdiff_t type in those places. We need to review the changes to this function carefully.
|
@vrabaud done |
|
Reverted |
|
@wantehchang any update |
3 participants
…pling offsets