diff mbox series

[FFmpeg-devel,2/5] checkasm/sw_scale: Fix stack-buffer-overflow

Message ID 20200519104601.12817-2-andreas.rheinhardt@gmail.com
State Accepted
Commit 57e570b508d967785b758e54c505db76c1597927
Headers show
Series [FFmpeg-devel,1/5] avformat/aiffenc: Don't forget chapters | expand

Checks

Context Check Description
andriy/default pending
andriy/make success Make finished
andriy/make_fate success Make fate finished

Commit Message

Andreas Rheinhardt May 19, 2020, 10:45 a.m. UTC 
A buffer whose size is not a multiple of four has been initialized using
consecutive writes of 32bits. This results in a stack-buffer-overflow
reported by ASAN in the checkasm-sw_scale FATE-test.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
---
Instead of using FFALIGN one could also just remove the "- 1" if that's
preferred.

 tests/checkasm/sw_scale.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Michael Niedermayer May 20, 2020, 1:39 p.m. UTC | #1 
On Tue, May 19, 2020 at 12:45:58PM +0200, Andreas Rheinhardt wrote:
> A buffer whose size is not a multiple of four has been initialized using
> consecutive writes of 32bits. This results in a stack-buffer-overflow
> reported by ASAN in the checkasm-sw_scale FATE-test.
> 
> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
> ---
> Instead of using FFALIGN one could also just remove the "- 1" if that's
> preferred.
> 
>  tests/checkasm/sw_scale.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

LGTM

thx

[...]
Andreas Rheinhardt May 20, 2020, 9:59 p.m. UTC | #2 
Michael Niedermayer:
> On Tue, May 19, 2020 at 12:45:58PM +0200, Andreas Rheinhardt wrote:
>> A buffer whose size is not a multiple of four has been initialized using
>> consecutive writes of 32bits. This results in a stack-buffer-overflow
>> reported by ASAN in the checkasm-sw_scale FATE-test.
>>
>> Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
>> ---
>> Instead of using FFALIGN one could also just remove the "- 1" if that's
>> preferred.
>>
>>  tests/checkasm/sw_scale.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> LGTM
> 
> thx
> 
> [...]
> 
> 
Applied, thanks.

- Andreas
diff mbox series

Patch

diff --git a/tests/checkasm/sw_scale.c b/tests/checkasm/sw_scale.c
index 2680e47897..9efa2b4def 100644
--- a/tests/checkasm/sw_scale.c
+++ b/tests/checkasm/sw_scale.c
@@ -53,7 +53,7 @@  static void check_hscale(void)
     struct SwsContext *ctx;
 
     // padded
-    LOCAL_ALIGNED_32(uint8_t, src, [SRC_PIXELS + MAX_FILTER_WIDTH - 1]);
+    LOCAL_ALIGNED_32(uint8_t, src, [FFALIGN(SRC_PIXELS + MAX_FILTER_WIDTH - 1, 4)]);
     LOCAL_ALIGNED_32(uint32_t, dst0, [SRC_PIXELS]);
     LOCAL_ALIGNED_32(uint32_t, dst1, [SRC_PIXELS]);