Skip to content

numInputImageItems to avifImageApplyExpression32b#2986

Closed
wantehchang wants to merge 1 commit intoAOMediaCodec:mainfrom
wantehchang:pass-numInputImageItems
Closed

numInputImageItems to avifImageApplyExpression32b#2986
wantehchang wants to merge 1 commit intoAOMediaCodec:mainfrom
wantehchang:pass-numInputImageItems

Conversation

@wantehchang
Copy link
Collaborator

@wantehchang wantehchang commented Jan 31, 2026

Pass numInputImageItems (the size of the inputImageItems array) to avifImageApplyExpression32b(). Validate the index for the inputImageItems array.

@wantehchang
numInputImageItems to avifImageApplyExpression32b
5ef970c 
Pass numInputImageItems (the size of the inputImageItems array) to
avifImageApplyExpression32b(). Validate the index for the
inputImageItems array.
vrabaud
vrabaud approved these changes Jan 31, 2026
View reviewed changes
src/sampletransform.c
} else if (token->type == AVIF_SAMPLE_TRANSFORM_INPUT_IMAGE_ITEM_INDEX) {
const avifImage * image = inputImageItems[token->inputImageItemIndex - 1]; // 1-based
// inputImageItemIndex is 1-based.
const uint8_t zeroBasedIndex = token->inputImageItemIndex - 1;
Copy link
Contributor

@vrabaud vrabaud Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is absolutely no way inputImageItemIndex is 0 I guess?

Copy link
Contributor

@y-guyon y-guyon Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed. It is checked in avifSampleTransformExpressionIsValid(), but so is inputImageItemIndex <= numInputImageItems.

Copy link
Collaborator Author

@wantehchang wantehchang Feb 19, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yannis: The reason I wrote this PR is that it looks bad to pass an array but not the array size to a function. But then the function should use the array size, and the only meaningful way to use the array size in this function is to validate the array index token->inputImageItemIndex.

When I wrote this PR, I didn't analyze the code well enough to see if the caller has already validated token->inputImageItemIndex. Since that is true, this pull request will validate token->inputImageItemIndex redundantly. So I will abandon this pull request.

y-guyon
y-guyon approved these changes Feb 2, 2026
View reviewed changes
src/sampletransform.c
} else if (token->type == AVIF_SAMPLE_TRANSFORM_INPUT_IMAGE_ITEM_INDEX) {
const avifImage * image = inputImageItems[token->inputImageItemIndex - 1]; // 1-based
// inputImageItemIndex is 1-based.
const uint8_t zeroBasedIndex = token->inputImageItemIndex - 1;
Copy link
Contributor

@y-guyon y-guyon Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed. It is checked in avifSampleTransformExpressionIsValid(), but so is inputImageItemIndex <= numInputImageItems.

@wantehchang wantehchang deleted the pass-numInputImageItems branch February 19, 2026 18:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vrabaud vrabaud vrabaud approved these changes

@y-guyon y-guyon y-guyon approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@wantehchang @vrabaud @y-guyon

Comments