From patchwork Sat Jun 3 09:04:19 2017
X-Patchwork-Submitter: Kevin Mark
X-Patchwork-Id: 3816
From: Kevin Mark
To: ffmpeg-devel@ffmpeg.org
Cc: Kevin Mark
Date: Sat, 3 Jun 2017 05:04:19 -0400
Message-Id: <20170603090419.44431-1-kmark937@gmail.com>
Subject: [FFmpeg-devel] [PATCH] libavfilter/scale2ref: Fix out-of-bounds array access

ff_scale_eval_dimensions blindly assumes that two inputs are always
available as of 3385989b98be7940044e4f0a6b431a0a00abf2fa. This is
notably not the case when the function is called for the scale filter.
With the scale filter inputs[1] does not exist.

ff_scale_eval_dimensions now has an updated scale2ref check that makes
certain two inputs are actually available before attempting to access
the second one. Thanks to James Almer for reporting this bug. This
should fix the 820 Valgrind tests I single-handedly managed to break.

Signed-off-by: Kevin Mark
---
 libavfilter/scale.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavfilter/scale.c b/libavfilter/scale.c index e3a2fb5923..03745ddcb8 100644 --- a/libavfilter/scale.c +++ b/libavfilter/scale.c @@ -115,7 +115,7 @@ int ff_scale_eval_dimensions(void *log_ctx, int factor_w, factor_h; int eval_w, eval_h; int ret; - const char scale2ref = outlink->src->inputs[1] == inlink; + const char scale2ref = outlink->src->nb_inputs == 2 && outlink->src->inputs[1] == inlink; double var_values[VARS_NB + VARS_S2R_NB], res; const AVPixFmtDescriptor *main_desc; const AVFilterLink *main_link;
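
Review bot: On the added `scale2ref` line, the guard `outlink->src->nb_inputs == 2` pins the bounds check to one exact input count, while the read it protects, `outlink->src->inputs[1]`, only needs index 1 to exist. Consider `outlink->src->nb_inputs > 1 && outlink->src->inputs[1] == inlink`, which states the actual precondition for the array access. The `&&` ordering is what keeps `inputs[1]` from being read when only one input exists, so a one-line comment above the declaration noting that this function is also called for the single-input scale filter would stop a later cleanup from reordering or dropping the count check.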