virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-10-30 23:18:11 +02:00
Code Issues Releases Activity

avcodec/videodsp_template: Adjust pointers to avoid undefined pointer things

Browse Source 
Fixes: subtraction of unsigned offset from 0xf6602770 overflowed to 0xf6638c80
Fixes: 48567/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_THEORA_fuzzer-495074400600064

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer
2023-01-12 00:29:02 +01:00
parent df1a38d520
commit f0150cd41c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/videodsp_template.c
View File

@@ -64,7 +64,7 @@ void FUNC(ff_emulated_edge_mc)(uint8_t *buf, const uint8_t *src,
av_assert2(start_x < end_x && block_w);
w = end_x - start_x;
src += start_y * src_linesize + start_x * sizeof(pixel);
src += start_y * src_linesize + start_x * (ptrdiff_t)sizeof(pixel);
buf += start_x * sizeof(pixel);
// top
@@ -87,7 +87,7 @@ void FUNC(ff_emulated_edge_mc)(uint8_t *buf, const uint8_t *src,
buf += buf_linesize;
}
buf -= block_h * buf_linesize + start_x * sizeof(pixel);
buf -= block_h * buf_linesize + start_x * (ptrdiff_t)sizeof(pixel);
while (block_h--) {
pixel *bufp = (pixel *) buf;