
[FFmpeg-devel] ffplay: fix sws_scale possible out of bounds array access

Message ID 20161210120659.5642-1-cus@passwd.hu
State Accepted
Commit 1f3910262e1b9091f597ebbb710b478d40319986

Commit Message

Marton Balint Dec. 10, 2016, 12:06 p.m. UTC
As I used simple RGBA formats for subtitles and for the video texture if
avfilter is disabled I kind of assumed that sws_scale won't access data
pointers and strides above index 0, but apparently that is not the case.

Fixes Coverity CID 1396737, 1396738, 1396739, 1396740.

Signed-off-by: Marton Balint <cus@passwd.hu>
---
 ffplay.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

Comments

Michael Niedermayer Dec. 10, 2016, 7:26 p.m. UTC | #1
On Sat, Dec 10, 2016 at 01:06:59PM +0100, Marton Balint wrote:
> As I used simple RGBA formats for subtitles and for the video texture if
> avfilter is disabled I kind of assumed that sws_scale won't access data
> pointers and strides above index 0, but apparently that is not the case.
> 
> Fixes Coverity CID 1396737, 1396738, 1396739, 1396740.
> 
> Signed-off-by: Marton Balint <cus@passwd.hu>
> ---
>  ffplay.c | 16 ++++++++--------
>  1 file changed, 8 insertions(+), 8 deletions(-)

LGTM

thx

also please backport to the releases

thx

[...]
Marton Balint Dec. 10, 2016, 10:39 p.m. UTC | #2
On Sat, 10 Dec 2016, Michael Niedermayer wrote:

> On Sat, Dec 10, 2016 at 01:06:59PM +0100, Marton Balint wrote:
>> As I used simple RGBA formats for subtitles and for the video texture if
>> avfilter is disabled I kind of assumed that sws_scale won't access data
>> pointers and strides above index 0, but apparently that is not the case.
>>
>> Fixes Coverity CID 1396737, 1396738, 1396739, 1396740.
>>
>> Signed-off-by: Marton Balint <cus@passwd.hu>
>> ---
>>  ffplay.c | 16 ++++++++--------
>>  1 file changed, 8 insertions(+), 8 deletions(-)
>
> LGTM
>
> thx
>
> also please backport to the releases
>

Pushed to master and 3.2. 3.1 and earlier use the SDL1 version, which
is not affected.

Thanks,
Marton
Michael Niedermayer Dec. 10, 2016, 11:17 p.m. UTC | #3
On Sat, Dec 10, 2016 at 11:39:25PM +0100, Marton Balint wrote:
> 
> On Sat, 10 Dec 2016, Michael Niedermayer wrote:
> 
> >On Sat, Dec 10, 2016 at 01:06:59PM +0100, Marton Balint wrote:
> >>As I used simple RGBA formats for subtitles and for the video texture if
> >>avfilter is disabled I kind of assumed that sws_scale won't access data
> >>pointers and strides above index 0, but apparently that is not the case.
> >>
> >>Fixes Coverity CID 1396737, 1396738, 1396739, 1396740.
> >>
> >>Signed-off-by: Marton Balint <cus@passwd.hu>
> >>---
> >> ffplay.c | 16 ++++++++--------
> >> 1 file changed, 8 insertions(+), 8 deletions(-)
> >
> >LGTM
> >
> >thx
> >
> >also please backport to the releases
> >
> 
> Pushed to master and 3.2. 3.1 and before is using the SDL1 version
> which is not affected.

thx

[...]

Patch

diff --git a/ffplay.c b/ffplay.c
index bb781a2..911fd7f 100644
--- a/ffplay.c
+++ b/ffplay.c
@@ -883,11 +883,11 @@  static int upload_texture(SDL_Texture *tex, AVFrame *frame, struct SwsContext **
                 frame->width, frame->height, frame->format, frame->width, frame->height,
                 AV_PIX_FMT_BGRA, sws_flags, NULL, NULL, NULL);
             if (*img_convert_ctx != NULL) {
-                uint8_t *pixels;
-                int pitch;
-                if (!SDL_LockTexture(tex, NULL, (void **)&pixels, &pitch)) {
+                uint8_t *pixels[4];
+                int pitch[4];
+                if (!SDL_LockTexture(tex, NULL, (void **)pixels, pitch)) {
                     sws_scale(*img_convert_ctx, (const uint8_t * const *)frame->data, frame->linesize,
-                              0, frame->height, &pixels, &pitch);
+                              0, frame->height, pixels, pitch);
                     SDL_UnlockTexture(tex);
                 }
             } else {
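Review bot: The new `uint8_t *pixels[4];` and `int pitch[4];` at the top of the hunk are declared without an initializer, and SDL_LockTexture only stores into element 0, so elements 1–3 reach sws_scale holding indeterminate values — and the commit message itself says sws_scale reads data pointers and strides above index 0. Zero-initializing them, `uint8_t *pixels[4] = { 0 };` and `int pitch[4] = { 0 };`, turns the unused planes into a well-defined NULL pointer and 0 stride instead of whatever happened to be on the stack, which is also what a sanitizer or a follow-up static-analysis run would otherwise flag. The same applies to the matching declarations in the second hunk (video_image_display), which the third hunk passes to sws_scale. upload_texture's body starts and ends outside this hunk.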
@@ -913,8 +913,8 @@  static void video_image_display(VideoState *is)
 
                 if (vp->pts >= sp->pts + ((float) sp->sub.start_display_time / 1000)) {
                     if (!sp->uploaded) {
-                        uint8_t *pixels;
-                        int pitch;
+                        uint8_t* pixels[4];
+                        int pitch[4];
                         int i;
                         if (!sp->width || !sp->height) {
                             sp->width = vp->width;
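Review bot: The added declaration `uint8_t* pixels[4];` binds the `*` to the type name, whereas the sibling change in upload_texture and the rest of this file write it as `uint8_t *pixels[4];`. Using the file's form here, `uint8_t *pixels[4];`, keeps the two identical fixes visually identical and avoids the misreading that `pixels` is an array of `uint8_t*` "objects" rather than four pointers. video_image_display's body starts and ends outside this hunk.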
@@ -939,9 +939,9 @@  static void video_image_display(VideoState *is)
                                 av_log(NULL, AV_LOG_FATAL, "Cannot initialize the conversion context\n");
                                 return;
                             }
-                            if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)&pixels, &pitch)) {
+                            if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)pixels, pitch)) {
                                 sws_scale(is->sub_convert_ctx, (const uint8_t * const *)sub_rect->data, sub_rect->linesize,
-                                          0, sub_rect->h, &pixels, &pitch);
+                                          0, sub_rect->h, pixels, pitch);
                                 SDL_UnlockTexture(is->sub_texture);
                             }
                         }