From patchwork Thu Sep 13 07:58:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhao Zhili X-Patchwork-Id: 10315 Delivered-To: ffmpegpatchwork@gmail.com Received: by 2002:a02:12c4:0:0:0:0:0 with SMTP id 65-v6csp298372jap; Thu, 13 Sep 2018 00:58:45 -0700 (PDT) X-Google-Smtp-Source: ANB0VdYKJmtZzUPq6DpgSvDUKMSRFV8zZey5ad4me3vNRV0+IkXSRqbG20ZND31y45GYcjAMbj2N X-Received: by 2002:a1c:a941:: with SMTP id s62-v6mr4130850wme.76.1536825525089; Thu, 13 Sep 2018 00:58:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1536825525; cv=none; d=google.com; s=arc-20160816; b=z/oF9KKqEJ2iTLSlIsj3PZRbQv1QX61l87kgh90PnGXZ0Ryp8B2YL4BCJJbeqv9GEU 87bEkYqNleFZ17ituLegRorr1CJ9fgdgBFAuUr59M/VuVXAy4HjJxzFYn5yguXhN2kyB S/pnU9kE4djLNCJjsAWtunZMQe6Cx1vDW9Ldsrbhe0qC/OcaPdCSTYoaiu/JVE4TtLDB X1CTmcF/DQ7BLqSgy36m4RRvZVQ7Lyk5rWXxwR7oa3Q6t+TgWGTzMgYtyJvSlu1ZA6Iw 1MAYzPqrNCDzm+uIjJyVKbMVhlh+NJjv93+QhamV5T8SE4Zg3o9QwBWiVeyowETunejP TrfQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:feedback-id:references:in-reply-to :message-id:date:to:from:dkim-signature:delivered-to; bh=75p6z2bqy8nGA5JH0E85wYJw2kACF2SWT88lNcyaAj4=; b=gs+pDC/OmNma/6sIxBJviF4lRLQBKi0LKxoMOfViSxFENdnYvSGQa18Xx7V/9i1Fkp nhrGlIxaJrkP3LUBh34wMzNGrrQLCNnLoFLFhk0OAQQ0qq/DHgAR7dOPZDr2fgfQVpid +lGfK3Sorsa5VGrJBqacpH1aCQqWrfskbFwskmyrrIz6a27MzXVsFOcUVygOE+MG65dh 43/JvxCVGHp2PoNgy/IAAMoG47gyGI9hJ99iBNEA/q+z3wXBtqhwJ3z21VnBPI6P7t1U JpegklGYl+chhEW0KuRjc9Ox6XQQb0min2kwj/hBIx4iv2lBkzHwx0ZewPR+VkF7sr6P L3zw== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@foxmail.com header.s=s201512 header.b=nbUUM4cw; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id g4-v6si2917450wru.338.2018.09.13.00.58.44; Thu, 13 Sep 2018 00:58:45 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@foxmail.com header.s=s201512 header.b=nbUUM4cw; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id CC92C68A56B; Thu, 13 Sep 2018 10:58:32 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from smtpbg202.qq.com (smtpbg202.qq.com [184.105.206.29]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id A12A968A168 for ; Thu, 13 Sep 2018 10:58:25 +0300 (EEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com; s=s201512; t=1536825502; bh=P+EHySMkIU5hZZk3vUt7rM1fLTvyXnLWO/4t8WWPiLk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References; b=nbUUM4cwr93oare8osAhRbmomzrv5p0qj9leXX2GpurXhDF9ITvzWLXlWquTr/Jz4 GTjZdTr6SwFN1RnUjiUc1x0DJMf3ctoMUzVI6N3PNKDslOYgL6C6hKWu8UahyVijEI 89FnmyrGl/Kftz6xoMJT3+e7h138ST930I8sk1Ac= X-QQ-mid: esmtp6t1536825501t7zjsh5ev Received: from localhost.localdomain (unknown [119.145.5.45]) by esmtp4.qq.com (ESMTP) with id ; Thu, 13 Sep 2018 15:58:13 +0800 (CST) X-QQ-SSF: A1000000000000F0FF1003000000001 X-QQ-FEAT: Tp2hW+Mew+fn7CKILAyvwMYvLPNf8X05mhYFijkXI9pOcT0XjrjGzo/0H3V2J NL3kLRqSQvpdbd4fcyadIVwCabsBgBtXFg8NO48vBQXrgPhQ6b5auVNd1OUY7NhMRjm4d55 rTLm864bmW7IgIozhZKZgRi3Y0EScs38bOjMGhUybn4PdCPHCy5lik09KvlWkQlZWQAJdby i4toj54ktVYdchHgTz3HvO8bvxCynCAmWUFgBX3ig0N8TEOoaIpCVnOV6tkTIpC2zL7nYyQ ZN/gqJnbhwPyQHcZVApesbfPn60T05V3KYPg== X-QQ-GoodBg: 0 From: Zhao Zhili To: ffmpeg-devel@ffmpeg.org Date: Thu, 13 Sep 2018 15:58:11 +0800 Message-Id: <20180913075811.3752-1-quinkblack@foxmail.com> X-Mailer: git-send-email 2.9.5 In-Reply-To: <20180913074952.2873-1-quinkblack@foxmail.com> References: <20180913074952.2873-1-quinkblack@foxmail.com> X-QQ-SENDSIZE: 520 Feedback-ID: esmtp:foxmail.com:bgforeign:bgforeign4 X-QQ-Bgrelay: 1 Subject: [FFmpeg-devel] [PATCH] avfilter/vf_sr: fix read out of bounds X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Zhao Zhili MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" --- libavfilter/vf_sr.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/libavfilter/vf_sr.c b/libavfilter/vf_sr.c index 5ad1baa..bc9d186 100644 --- a/libavfilter/vf_sr.c +++ b/libavfilter/vf_sr.c @@ -239,7 +239,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) 0, sr_context->sws_slice_h, out->data, out->linesize); sws_scale(sr_context->sws_contexts[1], (const uint8_t **)out->data, out->linesize, - 0, out->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize); + 0, out->height, (uint8_t * const*)(&sr_context->input.data), + (const int [4]){sr_context->sws_input_linesize, 0, 0, 0}); break; case ESPCN: if (sr_context->sws_contexts[0]){ @@ -250,7 +251,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) } sws_scale(sr_context->sws_contexts[1], (const uint8_t **)in->data, in->linesize, - 0, in->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize); + 0, in->height, (uint8_t * const*)(&sr_context->input.data), + (const int [4]){sr_context->sws_input_linesize, 0, 0, 0}); } av_frame_free(&in); @@ -260,7 +262,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) return AVERROR(EIO); } - sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), &sr_context->sws_output_linesize, + sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), + (const int [4]){sr_context->sws_output_linesize, 0, 0, 0}, 0, out->height, (uint8_t * const*)out->data, out->linesize); return ff_filter_frame(outlink, out);