virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avcodec/mpegvideo_motion: Fix gmc chroma dimensions

Browse Source 
Fixes integer overflow and out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2015-02-04 22:30:08 +01:00
parent 7457afc64d
commit fd52d2d3d1
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/mpegvideo_motion.c
View File

@ -178,7 +178,7 @@ static void gmc_motion(MpegEncContext *s,
s->sprite_delta[0][0], s->sprite_delta[0][1], s->sprite_delta[0][0], s->sprite_delta[0][1],
s->sprite_delta[1][0], s->sprite_delta[1][1], s->sprite_delta[1][0], s->sprite_delta[1][1],
a + 1, (1 << (2 * a + 1)) - s->no_rounding, a + 1, (1 << (2 * a + 1)) - s->no_rounding,
s->h_edge_pos >> 1, s->v_edge_pos >> 1); (s->h_edge_pos + 1) >> 1, (s->v_edge_pos + 1) >> 1);
ptr = ref_picture[2]; ptr = ref_picture[2];
s->mdsp.gmc(dest_cr, ptr, uvlinesize, 8, s->mdsp.gmc(dest_cr, ptr, uvlinesize, 8,
@ -186,7 +186,7 @@ static void gmc_motion(MpegEncContext *s,
s->sprite_delta[0][0], s->sprite_delta[0][1], s->sprite_delta[0][0], s->sprite_delta[0][1],
s->sprite_delta[1][0], s->sprite_delta[1][1], s->sprite_delta[1][0], s->sprite_delta[1][1],
a + 1, (1 << (2 * a + 1)) - s->no_rounding, a + 1, (1 << (2 * a + 1)) - s->no_rounding,
s->h_edge_pos >> 1, s->v_edge_pos >> 1); (s->h_edge_pos + 1) >> 1, (s->v_edge_pos + 1) >> 1);
} }
static inline int hpel_motion(MpegEncContext *s, static inline int hpel_motion(MpegEncContext *s,