From patchwork Thu Sep 13 07:49:50 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhao Zhili X-Patchwork-Id: 10312 Delivered-To: ffmpegpatchwork@gmail.com Received: by 2002:a02:12c4:0:0:0:0:0 with SMTP id 65-v6csp292425jap; Thu, 13 Sep 2018 00:50:23 -0700 (PDT) X-Google-Smtp-Source: ANB0VdbLePbyKHMEHcJ5/TwbhawBd5UkepQnsVUEIipQaGCiAe3NHuVGqqx5au3K/YHCgjHWhyK2 X-Received: by 2002:a1c:4e16:: with SMTP id g22-v6mr4115892wmh.111.1536825023688; Thu, 13 Sep 2018 00:50:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536825023; cv=none; d=google.com; s=arc-20160816; b=Jy5Bfm61DAjcsG/CaQiDaaEEp/kg5j1tBE2RuLOlnn+EnPQ7yvD505F/m+tDprClSH djxBxgk6p8KyS03izjQl/vE/WsbdIcefNxEzVv/ybEJw60CHGHH4/me889hsEv0woavZ 3OPUIfxNpxVGk0oZTh/oCIb8oNrJukE4AppeXO7qJCrDJDpHEcvclQNsx1JgQEsDshw8 1ubDjcTKsG933CP+QnaY7h99jGhTgIB7cU7M/sRj96bvPGaXVOVNDf2xUpjXNv/d49is Nrlq+OBA4SigskB5b9S6iduFxK/uYmAeTHutnJs3sdN8UyknmnDjHLqGB7IFwThbDb7f jHvg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:feedback-id:message-id:date:to:from :dkim-signature:delivered-to; bh=FqueRJVJ7dqOxrH2tAjNHtKukVgzi0uRsqD3fl9axn0=; b=TdpPwO94TmDBnI/TNe05uiUSUoPE9EI/N57WWdqjQtpuytXBpaABUAAW2y5fWhDAN6 xbB0xi1jqmQskIayhPfNGZ0hkFep7TV2CcFmVuyx5vizrFlT8ItPPy89Hk/trQ9Wb7cG SDKIPhOyGt65DsJv4KDsq+NzOJiUtnZMR9BGCvmELXvUlH7T4pPfjbrbUm0ia3JSmp4Q SeEPNffUUWZg49SyO8o+o16WotBzLxD9VDEnjaqTw+a1iFlAHRcIIkH/L7T9E1YqNE7r JGDcOs904CPq9fKBOzgBVba5Oga9BENe9cp2DPSTXDgXQDK6LT0SMBIPFoUojTI03lh+ YeUg== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@foxmail.com header.s=s201512 header.b=z0DuhqcG; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id e15-v6si3247066wrq.43.2018.09.13.00.50.22; Thu, 13 Sep 2018 00:50:23 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@foxmail.com header.s=s201512 header.b=z0DuhqcG; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6A70B68A1AD; Thu, 13 Sep 2018 10:50:09 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from smtpbgau1.qq.com (smtpbgau1.qq.com [54.206.16.166]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 73929689E50 for ; Thu, 13 Sep 2018 10:50:02 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com; s=s201512; t=1536825004; bh=sbSNIOqo5TaEaNZP8EkIpDnRfhvNj8o5VA/i1e9+Ooc=; h=From:To:Cc:Subject:Date:Message-Id; b=z0DuhqcGblM3OUdeOePmJtNxXhUj9uYGl8W0HghJagJiIT2aApfVZDL9y5R8VGjfH DG8fGjBkpJUwQWBGp48vbth3Fw7EaVvdLxLtotQcjdTKLS+1HxHIOBFIW/DH1VvwHZ Wxie9HDpkvzb25+BjWM9TkrE7z++AKO+eXadN6Qc= X-QQ-mid: esmtp3t1536825003tc5lm8v33 Received: from localhost.localdomain (unknown [119.145.5.45]) by esmtp4.qq.com (ESMTP) with id ; Thu, 13 Sep 2018 15:49:54 +0800 (CST) X-QQ-SSF: A1000000000000F0F91003000000001 X-QQ-FEAT: H1NnLTI89tzG3ifNsbdykaYrI90L2xPFBZBhbJ3OWsbfXJ+5kWPKUy5XurXA+ WaBroSOGWOrWkMNiCoaXYQfkjNj/yPcKrgw6TDYteDqBw8FAVGkxaJISeCkdUKZFcUs/10K JO2llh9F2+DZjhLqQLf81H5aDa/P0W/oqFx5zMjt8vePwEM9kGV/sX34ZmwQVbJbItx3mhU LPSMZwwT+7/5Ur5RsUFl018/yNdMG1W1ihk24Ss49hiUEojlps5s/Rjkx00hXYhxcVaa7Go OrjYrrtizqHZ3BmFwfIgkSLlhisW4nof3vNA== X-QQ-GoodBg: 0 From: Zhao Zhili To: ffmpeg-devel@ffmpeg.org Date: Thu, 13 Sep 2018 15:49:50 +0800 Message-Id: <20180913074952.2873-1-quinkblack@foxmail.com> X-Mailer: git-send-email 2.9.5 X-QQ-SENDSIZE: 520 Feedback-ID: esmtp:foxmail.com:bgforeign:bgforeign2 X-QQ-Bgrelay: 1 Subject: [FFmpeg-devel] [PATCH 1/3] avfilter/vf_sr: fix read out of bounds X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Zhao Zhili MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" --- libavfilter/vf_sr.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavfilter/vf_sr.c b/libavfilter/vf_sr.c index 5ad1baa..26cacde 100644 --- a/libavfilter/vf_sr.c +++ b/libavfilter/vf_sr.c @@ -239,7 +239,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) 0, sr_context->sws_slice_h, out->data, out->linesize); sws_scale(sr_context->sws_contexts[1], (const uint8_t **)out->data, out->linesize, - 0, out->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize); + 0, out->height, (uint8_t * const*)(&sr_context->input.data), + (int [4]){sr_context->sws_input_linesize, 0, 0, 0}); break; case ESPCN: if (sr_context->sws_contexts[0]){ @@ -250,7 +251,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) } sws_scale(sr_context->sws_contexts[1], (const uint8_t **)in->data, in->linesize, - 0, in->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize); + 0, in->height, (uint8_t * const*)(&sr_context->input.data), + (int [4]){sr_context->sws_input_linesize, 0, 0, 0}); } av_frame_free(&in); @@ -260,7 +262,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) return AVERROR(EIO); } - sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), &sr_context->sws_output_linesize, + sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), + (int [4]){sr_context->sws_output_linesize, 0, 0, 0}, 0, out->height, (uint8_t * const*)out->data, out->linesize); return ff_filter_frame(outlink, out);