1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

avfilter/vf_scale: fix off-by-one in loop bounds

Results in over-read of the array. Fortunately, the excess element was
never actually used, but it still triggers ASAN (and could in theory trigger
a segfault).

Fixes: 04ce01df0b
This commit is contained in:
Niklas Haas 2024-11-25 14:27:38 +01:00
parent 3c3bf6c109
commit bcbf3a5630

View File

@ -482,7 +482,7 @@ static int query_formats(const AVFilterContext *ctx,
formats = ff_all_color_spaces();
for (int i = 0; i < formats->nb_formats; i++) {
if (!sws_test_colorspace(formats->formats[i], 0)) {
for (int j = i--; j < formats->nb_formats; j++)
for (int j = i--; j + 1 < formats->nb_formats; j++)
formats->formats[j] = formats->formats[j + 1];
formats->nb_formats--;
}
@ -501,7 +501,7 @@ static int query_formats(const AVFilterContext *ctx,
formats = ff_all_color_spaces();
for (int i = 0; i < formats->nb_formats; i++) {
if (!sws_test_colorspace(formats->formats[i], 1)) {
for (int j = i--; j < formats->nb_formats; j++)
for (int j = i--; j + 1 < formats->nb_formats; j++)
formats->formats[j] = formats->formats[j + 1];
formats->nb_formats--;
}