virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-08 13:22:53 +02:00
Code Issues Releases Activity

avcodec/pngenc: Replace memcpy by av_image_copy()

Browse Source 
Fixes out of array access
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec9c5ce8a)

Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2016-01-15 00:35:57 +01:00
parent 07da25548f
commit 0c5a71fece
1 changed files with 3 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/pngenc.c
View File

@ -747,8 +747,7 @@ static int apng_encode_frame(AVCodecContext *avctx, const AVFrame *pict,
// Do disposal
if (last_fctl_chunk.dispose_op != APNG_DISPOSE_OP_PREVIOUS) {
memcpy(diffFrame->data[0], s->last_frame->data[0],
s->last_frame->linesize[0] * s->last_frame->height);
av_frame_copy(diffFrame, s->last_frame);
if (last_fctl_chunk.dispose_op == APNG_DISPOSE_OP_BACKGROUND) {
for (y = last_fctl_chunk.y_offset; y < last_fctl_chunk.y_offset + last_fctl_chunk.height; ++y) {
@ -760,8 +759,7 @@ static int apng_encode_frame(AVCodecContext *avctx, const AVFrame *pict,
if (!s->prev_frame)
continue;
memcpy(diffFrame->data[0], s->prev_frame->data[0],
s->prev_frame->linesize[0] * s->prev_frame->height);
av_frame_copy(diffFrame, s->prev_frame);
}
// Do inverse blending
@ -923,8 +921,7 @@ static int encode_apng(AVCodecContext *avctx, AVPacket *pkt,
}
// Do disposal, but not blending
memcpy(s->prev_frame->data[0], s->last_frame->data[0],
s->last_frame->linesize[0] * s->last_frame->height);
av_frame_copy(s->prev_frame, s->last_frame);
if (s->last_frame_fctl.dispose_op == APNG_DISPOSE_OP_BACKGROUND) {
uint32_t y;
uint8_t bpp = (s->bits_per_pixel + 7) >> 3;