virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

pngdec/filter: dont access out of array elements at the end

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer
2013-02-12 19:53:40 +01:00
parent 1ecce266fa
commit 1ac0fa50ef
1 changed files with 4 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
libavcodec/pngdec.c
View File

@@ -190,7 +190,7 @@ void ff_add_png_paeth_prediction(uint8_t *dst, uint8_t *src, uint8_t *top, int w
if(bpp >= 2) g = dst[1];\ if(bpp >= 2) g = dst[1];\
if(bpp >= 3) b = dst[2];\ if(bpp >= 3) b = dst[2];\
if(bpp >= 4) a = dst[3];\ if(bpp >= 4) a = dst[3];\
for(; i < size; i+=bpp) {\ for(; i <= size - bpp; i+=bpp) {\
dst[i+0] = r = op(r, src[i+0], last[i+0]);\ dst[i+0] = r = op(r, src[i+0], last[i+0]);\
if(bpp == 1) continue;\ if(bpp == 1) continue;\
dst[i+1] = g = op(g, src[i+1], last[i+1]);\ dst[i+1] = g = op(g, src[i+1], last[i+1]);\
@@ -206,13 +206,9 @@ void ff_add_png_paeth_prediction(uint8_t *dst, uint8_t *src, uint8_t *top, int w
else if(bpp == 2) UNROLL1(2, op)\ else if(bpp == 2) UNROLL1(2, op)\
else if(bpp == 3) UNROLL1(3, op)\ else if(bpp == 3) UNROLL1(3, op)\
else if(bpp == 4) UNROLL1(4, op)\ else if(bpp == 4) UNROLL1(4, op)\
else {\ for (; i < size; i++) {\
for (; i < size; i += bpp) {\ dst[i] = op(dst[i-bpp], src[i], last[i]);\
int j;\
for (j = 0; j < bpp; j++)\
dst[i+j] = op(dst[i+j-bpp], src[i+j], last[i+j]);\
}\ }\
}
/* NOTE: 'dst' can be equal to 'last' */ /* NOTE: 'dst' can be equal to 'last' */
static void png_filter_row(PNGDSPContext *dsp, uint8_t *dst, int filter_type, static void png_filter_row(PNGDSPContext *dsp, uint8_t *dst, int filter_type,