From patchwork Thu Dec 15 11:57:49 2016
X-Patchwork-Submitter: Josh Dekker
X-Patchwork-Id: 1804
From: Josh de Kock
To: ffmpeg-devel@ffmpeg.org
Date: Thu, 15 Dec 2016 11:57:49 +0000
Message-Id: <20161215115749.37676-1-josh@itanimul.li>
Subject: [FFmpeg-devel] [PATCH] lavf/vsrc_testsrc: fix SMPTE segfault with small output size
List-Id: FFmpeg development discussions and patches

The memset (line 1336) in draw_bar is passed a negative size if the output width is less than 36 pixels

Signed-off-by: Josh de Kock
--- libavfilter/vsrc_testsrc.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/libavfilter/vsrc_testsrc.c b/libavfilter/vsrc_testsrc.c index 08f6e07..9f2e91f 100644 --- a/libavfilter/vsrc_testsrc.c +++ b/libavfilter/vsrc_testsrc.c 
@@ -1413,6 +1413,11 @@ static av_cold int smptebars_init(AVFilterContext *ctx) { TestSourceContext *test = ctx->priv; + if (test->w < 36 || test->h < 1) { + av_log(ctx, AV_LOG_FATAL, "Size should be 36x1 or larger (%dx%d).\n", test->w, test->h); + return AVERROR(EINVAL); + } + test->fill_picture_fn = smptebars_fill_picture; test->draw_once = 1; return init(ctx);
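Review bot: The new size check at the top of smptebars_init guards only this one init path, while the commit message places the negative-size memset in draw_bar. If draw_bar is reachable from any other source's init, that path still passes memset a negative length, so consider rejecting or clamping the width inside draw_bar itself, or sharing the check through a helper, instead of guarding a single caller. The constant 36 and the `test->h < 1` condition are also unexplained: the message only mentions width, so a short comment saying where 36 comes from and why height is checked would help the next reader. For a rejected user parameter that returns AVERROR(EINVAL), AV_LOG_ERROR is the more usual level than AV_LOG_FATAL.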