virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

swscale/utils: Limit filter shifting so as not to read from prior the array

Browse Source 
Fixes out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2015-02-05 00:12:08 +01:00
parent fd52d2d3d1
commit 692b22626e
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
libswscale/utils.c
View File

@ -611,14 +611,15 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos,
} }
if ((*filterPos)[i] + filterSize > srcW) { if ((*filterPos)[i] + filterSize > srcW) {
int shift = (*filterPos)[i] + filterSize - srcW; int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0);
// move filter coefficients right to compensate for filterPos // move filter coefficients right to compensate for filterPos
for (j = filterSize - 2; j >= 0; j--) { for (j = filterSize - 2; j >= 0; j--) {
int right = FFMIN(j + shift, filterSize - 1); int right = FFMIN(j + shift, filterSize - 1);
filter[i * filterSize + right] += filter[i * filterSize + j]; filter[i * filterSize + right] += filter[i * filterSize + j];
filter[i * filterSize + j] = 0; filter[i * filterSize + j] = 0;
} }
(*filterPos)[i]= srcW - filterSize; (*filterPos)[i]-= shift;
} }
} }