mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2025-01-13 21:28:01 +02:00
swscale/utils: More carefully merge and clear coefficients outside the input
Fixes out of array read Fixes: asan_heap-oob_35ca682_1474_cov_3230122439_aletrek_tga_16bit.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
4d1b017c38
commit
1895d414aa
@ -612,14 +612,24 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos,
|
||||
|
||||
if ((*filterPos)[i] + filterSize > srcW) {
|
||||
int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0);
|
||||
int64_t acc = 0;
|
||||
|
||||
// move filter coefficients right to compensate for filterPos
|
||||
for (j = filterSize - 2; j >= 0; j--) {
|
||||
int right = FFMIN(j + shift, filterSize - 1);
|
||||
filter[i * filterSize + right] += filter[i * filterSize + j];
|
||||
filter[i * filterSize + j] = 0;
|
||||
for (j = filterSize - 1; j >= 0; j--) {
|
||||
if ((*filterPos)[i] + j >= srcW) {
|
||||
acc += filter[i * filterSize + j];
|
||||
filter[i * filterSize + j] = 0;
|
||||
}
|
||||
}
|
||||
for (j = filterSize - 1; j >= 0; j--) {
|
||||
if (j < shift) {
|
||||
filter[i * filterSize + j] = 0;
|
||||
} else {
|
||||
filter[i * filterSize + j] = filter[i * filterSize + j - shift];
|
||||
}
|
||||
}
|
||||
|
||||
(*filterPos)[i]-= shift;
|
||||
filter[i * filterSize + srcW - 1 - (*filterPos)[i]] += acc;
|
||||
}
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user