From 98d0d19208959766a58f13dd6a678d1f765a26ac Mon Sep 17 00:00:00 2001 From: "Ronald S. Bultje" Date: Thu, 2 Aug 2012 20:46:09 -0700 Subject: [PATCH] lagarith: pad RGB buffer by 1 byte. For left HFYU prediction, we predict from the buffer buf+1 using 8- or 16-byte reads. This means that aligning the buffer by 16 bytes is in itself not sufficient, because if the width itself is 16- or 8-byte aligned, the buffer will not be padded, and thus a read of size 16 at buf+1 will overflow boundaries at the right edge. Padding the buffer by 1 byte is sufficient to not overflow its boundaries. Fixes bug 342. --- libavcodec/lagarith.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/lagarith.c b/libavcodec/lagarith.c index 35f5a07e4c..e72674c481 100644 --- a/libavcodec/lagarith.c +++ b/libavcodec/lagarith.c @@ -553,7 +553,7 @@ static int lag_decode_frame(AVCodecContext *avctx, if (!l->rgb_planes) { l->rgb_stride = FFALIGN(avctx->width, 16); - l->rgb_planes = av_malloc(l->rgb_stride * avctx->height * planes); + l->rgb_planes = av_malloc(l->rgb_stride * avctx->height * planes + 1); if (!l->rgb_planes) { av_log(avctx, AV_LOG_ERROR, "cannot allocate temporary buffer\n"); return AVERROR(ENOMEM);