From 7c5d256c9c6f8361cd9dde24544b61cec177b3ec Mon Sep 17 00:00:00 2001 From: Andreas Rheinhardt Date: Fri, 21 Oct 2022 16:40:37 +0200 Subject: [PATCH] avcodec/motion_est_template: Avoid using last + 1 element of array For an int array[8][2] using &array[8][0] (which is an int* pointing to the element beyond the last element of array) triggers a "runtime error: index 8 out of bounds for type 'int[8][2]'" from (Clang-)UBSan in the fate-vsynth(1|2|_lena)-snow tests. I don't know whether this is really undefined behaviour or does not actually fall under the "pointer arithmetic with the element beyond the last element of the array is allowed as long as it is not accessed" exception". All I know is that the code itself does not read from beyond the last element of the array. Nevertheless rewrite the code to a form that UBSan does not complain about. Signed-off-by: Andreas Rheinhardt --- libavcodec/motion_est_template.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/motion_est_template.c b/libavcodec/motion_est_template.c index f3e94b7ebb..1888697db7 100644 --- a/libavcodec/motion_est_template.c +++ b/libavcodec/motion_est_template.c @@ -281,7 +281,7 @@ static int qpel_motion_search(MpegEncContext * s, for(i=0; i<8; i++){ if(score < best[i]){ memmove(&best[i+1], &best[i], sizeof(int)*(7-i)); - memmove(&best_pos[i+1][0], &best_pos[i][0], sizeof(int)*2*(7-i)); + memmove(&best_pos[i + 1], &best_pos[i], sizeof(*best_pos) * (7 - i)); best[i]= score; best_pos[i][0]= nx + 4*mx; best_pos[i][1]= ny + 4*my;