From patchwork Sun Jun 11 14:05:44 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Timo Rothenpieler <timo@rothenpieler.org>
X-Patchwork-Id: 3910
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 10.103.10.195 with SMTP id 186csp512030vsk;
	Sun, 11 Jun 2017 07:06:32 -0700 (PDT)
X-Received: by 10.223.172.118 with SMTP id v109mr5110519wrc.84.1497189992398;
	Sun, 11 Jun 2017 07:06:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1497189992; cv=none;
	d=google.com; s=arc-20160816;
	b=ZOIt/J42ycO4PGtdlaO42/h+++PbDXKrCt09+2UkqZw0D6tNiK1w6mSTPMKRAWRMtv
	OfIcyVf96tg4n0FhcZLCewk4vvx28cCa5SJmIxfLqryuuQnhruur18vYhUfWH25xOmBZ
	88m9kBB+v9QL+6dI03v0M94beizltfh3Mq85xITShvG1Us/gn427om1lAGQ4qqfVuWtT
	PjxgA3vF5b2ZZdfURuYLrZmQIHk4XTlpxOjlJX6O31TACQ34vRYdexPqrnhxw6Sn846Q
	FTw8UgZE0bHcqdk36FGca8NGzzV5ZONkcjz8NQ3S7MbbsbWr9zwyJVKi48aOCrgplqJK
	hcAw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to
	:list-subscribe:list-help:list-post:list-archive:list-unsubscribe
	:list-id:precedence:subject:references:in-reply-to:message-id:date
	:to:from:dkim-signature:delivered-to:arc-authentication-results;
	bh=CD7KZtcRj6mlQbYsPu0U0IKf63Zmip5k/5VGBRS2/xI=;
	b=uuvT9q7gk07fBnJk27qnL8d2WcWkAVKDZV2le4eqWnWdCye5/Ah/4w6R8oSGeidOW1
	G27NrFfDdcJX5jexzEWZvyyMHpo5lbiFNMyEermUBZ5kDNGN+xXIM/yjEid05k8+97GC
	zpSF0c5guFeSymfycmXrqyD7aMZ3aecI7JjzjUUjpFW/ktHeydTUpFqqRbLDFtxRMnsm
	HH6kGA1Np6Niz6sRwvvD6Cbhqshe/6YJX1TfbVkJzpnVLbfyQktDQN0zQNFjGfb8D/Od
	gijQNgkaxN1pinecQlCHsfrU0xopR9QJBwN7VjMj4+8+UD5Dur3H1+qyI1d9qr8IaTkB
	aD5w==
ARC-Authentication-Results: i=1; mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@rothenpieler.org;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id 81si7167152wrc.11.2017.06.11.07.06.32;
	Sun, 11 Jun 2017 07:06:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@rothenpieler.org;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id B72DE689B93;
	Sun, 11 Jun 2017 17:06:08 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from btbn.de (btbn.de [5.9.118.179])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id B23AC6882AF
	for <ffmpeg-devel@ffmpeg.org>; Sun, 11 Jun 2017 17:06:01 +0300 (EEST)
Received: from localhost.localdomain (unknown
	[IPv6:2a02:8109:43f:959c:ba97:5aff:fe10:ec69])
	by btbn.de (Postfix) with ESMTPSA id AB7776A50F;
	Sun, 11 Jun 2017 16:06:02 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=rothenpieler.org;
	s=mail; t=1497189962;
	bh=UgMSjMN2nkRykesR+PO310Y+4ZRPU5NicX6pLTb6Yuw=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References;
	b=qZm10pR7WMr6VCD+8L7JUxWF7f7DkR+BymmzgFy4IuoELp9/OZgUX/dNtGhLX0sdr
	LWNgV1mWxBid45mACwe7EUYB9nZyUyo8HVYGYb39KyBrlSswmI7w1vRu7QjdcCd2Ap
	2hlfllnK5LZpwC2+gTTfjMyh+u1TjK6C/8mWjEDA=
From: Timo Rothenpieler <timo@rothenpieler.org>
To: ffmpeg-devel@ffmpeg.org
Date: Sun, 11 Jun 2017 16:05:44 +0200
Message-Id: <20170611140551.11844-2-timo@rothenpieler.org>
X-Mailer: git-send-email 2.13.0
In-Reply-To: <20170611140551.11844-1-timo@rothenpieler.org>
References: <20170611140551.11844-1-timo@rothenpieler.org>
Subject: [FFmpeg-devel] [PATCH 02/11] avfilter/vf_scale_npp: fix
	out-of-bounds reads
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Cc: Timo Rothenpieler <timo@rothenpieler.org>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

Fixes CIDs 1396414 and 1396415
---
 libavfilter/vf_scale_npp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/vf_scale_npp.c b/libavfilter/vf_scale_npp.c
index b5acce653b..c36772e800 100644
--- a/libavfilter/vf_scale_npp.c
+++ b/libavfilter/vf_scale_npp.c
@@ -400,7 +400,7 @@ static int nppscale_resize(AVFilterContext *ctx, NPPScaleStageContext *stage,
     NppStatus err;
     int i;
 
-    for (i = 0; i < FF_ARRAY_ELEMS(in->data) && in->data[i]; i++) {
+    for (i = 0; i < FF_ARRAY_ELEMS(stage->planes_in) && i < FF_ARRAY_ELEMS(in->data) && in->data[i]; i++) {
         int iw = stage->planes_in[i].width;
         int ih = stage->planes_in[i].height;
         int ow = stage->planes_out[i].width;