| Message ID | 20161215115749.37676-1-josh@itanimul.li |
|---|---|
| State | Superseded |
| Headers | show |
On 12/15/16, Josh de Kock <josh@itanimul.li> wrote: > The memset (line 1336) in draw_bar is passed a negative size if the output > width is less than 36 pixels > > Signed-off-by: Josh de Kock <josh@itanimul.li> > --- > libavfilter/vsrc_testsrc.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/libavfilter/vsrc_testsrc.c b/libavfilter/vsrc_testsrc.c > index 08f6e07..9f2e91f 100644 > --- a/libavfilter/vsrc_testsrc.c > +++ b/libavfilter/vsrc_testsrc.c > @@ -1413,6 +1413,11 @@ static av_cold int smptebars_init(AVFilterContext > *ctx) > { > TestSourceContext *test = ctx->priv; > > + if (test->w < 36 || test->h < 1) { > + av_log(ctx, AV_LOG_FATAL, "Size should be 36x1 or larger > (%dx%d).\n", test->w, test->h); > + return AVERROR(EINVAL); > + } > + > test->fill_picture_fn = smptebars_fill_picture; > test->draw_once = 1; > return init(ctx); > -- > 2.10.1 (Apple Git-78) > > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > http://ffmpeg.org/mailman/listinfo/ffmpeg-devel > Fixed differently. Thanks for reporting bug. smptehdbars filter uses same function so it had similar bug.
diff --git a/libavfilter/vsrc_testsrc.c b/libavfilter/vsrc_testsrc.c index 08f6e07..9f2e91f 100644 --- a/libavfilter/vsrc_testsrc.c +++ b/libavfilter/vsrc_testsrc.c @@ -1413,6 +1413,11 @@ static av_cold int smptebars_init(AVFilterContext *ctx) { TestSourceContext *test = ctx->priv; + if (test->w < 36 || test->h < 1) { + av_log(ctx, AV_LOG_FATAL, "Size should be 36x1 or larger (%dx%d).\n", test->w, test->h); + return AVERROR(EINVAL); + } + test->fill_picture_fn = smptebars_fill_picture; test->draw_once = 1; return init(ctx);
The memset (line 1336) in draw_bar is passed a negative size if the output width is less than 36 pixels Signed-off-by: Josh de Kock <josh@itanimul.li> --- libavfilter/vsrc_testsrc.c | 5 +++++ 1 file changed, 5 insertions(+)