From patchwork Wed Sep 19 02:55:11 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Zhao Zhili <quinkblack@foxmail.com>
X-Patchwork-Id: 10401
Delivered-To: ffmpegpatchwork@gmail.com
Received: by 2002:a02:12c4:0:0:0:0:0 with SMTP id 65-v6csp181830jap;
	Tue, 18 Sep 2018 19:55:43 -0700 (PDT)
X-Google-Smtp-Source: 
 ANB0VdanM5FBZ+SMNLjs08fJyz43jjLUSWz4oL+zFoPveCMRI4xwldr2Gvm4wX6BITFv2PK/X9kr
X-Received: by 2002:a1c:1d0:: with SMTP id
	199-v6mr18074859wmb.2.1537325743348;
	Tue, 18 Sep 2018 19:55:43 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537325743; cv=none;
	d=google.com; s=arc-20160816;
	b=yOh+xMLWiDMFNyq/3+IrTjKcJXaZ3RyAduZfMAaS9KWVYjo03spD9KAFQ9C9HkB+J0
	ryi4GXA1BFCNwd0NNlPa90WA/Jx+0GgCjgorRoFmEcvY/ybhFHSIkXaBJFpVPHKkPziG
	S/Zl4SoOVfcZCG4l9yPJJW1Ct+zpT3iEdmQeC+3ZcbdZrWJOScQr2HPxAaJeWAonoHJD
	3ul9VmH5WOYlq7/KGvaWBsEKTxbbPwb1pPBcxrrY9Pjxd2AkV/xounUMgYjur738yYPs
	dWYLutwzjxxIKD2wqwDWk+GhO3zVEQiUUqMVbLiiVrcrDgt5K5Rrj2sf6pL1L8i/nB/l
	Tslg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
	s=arc-20160816;
	h=sender:errors-to:content-transfer-encoding:mime-version:cc:reply-to
	:list-subscribe:list-help:list-post:list-archive:list-unsubscribe
	:list-id:precedence:subject:feedback-id:references:in-reply-to
	:message-id:date:to:from:dkim-signature:delivered-to;
	bh=QZthYAPRAIPjR2GuddUZTWAU/45B0jX9Q2Si2UfrgOg=;
	b=ozXl+3g9ggJzICCECU7S4zME3JoQTQnch8nfRGNl4nAYijvErJeibKo5GDE+ubfzvL
	6ahigmSBltBfUjpI+3n+7HOQuTjFpSuKpy+g1463jm2PWqXRl7iNXwn1X0hN1JpYODHk
	KMWNMQX2GQybXQrMEEJlfA5JSGkAone9/vyyCzAMY0yH2CFZkv3lGD/1XJcjnkeAU+2U
	jJ/L5azMzBV0KFNXz2FP0YW1i0NnmPlb9PZH+BjGXDCq8uDb7xfzxROyiZbyXimFGWOv
	6ehfCi3Fo3/dof2+A/zZkuuWPudd4e2MU02ctWia15xS7p7LbTqtwXKie8wxn9Hy23xs
	umMA==
ARC-Authentication-Results: i=1; mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@foxmail.com
	header.s=s201512 header.b=Wyqj8oXL;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100])
	by mx.google.com with ESMTP id
	b79-v6si293665wmf.126.2018.09.18.19.55.42;
	Tue, 18 Sep 2018 19:55:43 -0700 (PDT)
Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	client-ip=79.124.17.100;
Authentication-Results: mx.google.com;
	dkim=neutral (body hash did not verify) header.i=@foxmail.com
	header.s=s201512 header.b=Wyqj8oXL;
	spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org
	designates 79.124.17.100 as permitted sender)
	smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org;
	dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=foxmail.com
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 5A23168A50C;
	Wed, 19 Sep 2018 05:55:27 +0300 (EEST)
X-Original-To: ffmpeg-devel@ffmpeg.org
Delivered-To: ffmpeg-devel@ffmpeg.org
Received: from smtpbguseast2.qq.com (smtpbguseast2.qq.com [54.204.34.130])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 8B3AF689B47
	for <ffmpeg-devel@ffmpeg.org>; Wed, 19 Sep 2018 05:55:20 +0300 (EEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foxmail.com;
	s=s201512; t=1537325729;
	bh=8bzT9Vy9wIPxjHVzINO1YGKMQ/Jh1Y3VNrX8xzgRrys=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References;
	b=Wyqj8oXLTZgeq5xF99PA3skbDxvJT7CMwi61cf2vQLwEJz0ue+DCHLNE/RbCAiGE3
	VV9hX/b2fUrw0M0NTV/et+BX9YBwK0njEuODYKlsk2WV/rRtdmbMnRXdNF1ZGP/Hy9
	L1eql0W9krSJcwCfVCn3upMlWo2pvpsKuhFfApj4=
X-QQ-mid: esmtp3t1537325728tell4lkhc
Received: from localhost.localdomain (unknown [119.145.5.45])
	by esmtp4.qq.com (ESMTP) with
	id ; Wed, 19 Sep 2018 10:55:15 +0800 (CST)
X-QQ-SSF: A1000000000000F0FF1000000000001
X-QQ-FEAT: yUqBE/5l+geuJ7InXNC5oqm+CBfSt0aRta4+yRorcYrZnyGLiAnpXWjeTR9/4
	DlttGFHAGsMmi5vWrAUDBurTNS21UhdKSaoHNXThQVF0/+j1GFZpFLK1p5zVqlZ7J9Ojmkt
	X8zMsOlUXKhtrwhFBE5KE+bC5JvNmCczo7KciXSdwl++RCZZJRwTrvbsE82NSgNIjcZb/E0
	qNdjBhT4VwHT2N3qpbIaXDYeiCS1d1hz6QfD1ldrp6CMwLRh5dMu3MYJB2SYQUgazh4B3yK
	8lijuzdLk04r16oDEu76A/9LuQIbSmh+QNYw==
X-QQ-GoodBg: 0
From: Zhao Zhili <quinkblack@foxmail.com>
To: ffmpeg-devel@ffmpeg.org
Date: Wed, 19 Sep 2018 10:55:11 +0800
Message-Id: <20180919025513.20438-1-quinkblack@foxmail.com>
X-Mailer: git-send-email 2.9.5
In-Reply-To: 
 <CAKN1MR6wOEaK7_LnUTS2r8omeWDxJLcX0tUHZ2pPd6hQU87y0A@mail.gmail.com>
References: 
 <CAKN1MR6wOEaK7_LnUTS2r8omeWDxJLcX0tUHZ2pPd6hQU87y0A@mail.gmail.com>
X-QQ-SENDSIZE: 520
Feedback-ID: esmtp:foxmail.com:bgforeign:bgforeign2
X-QQ-Bgrelay: 1
Subject: [FFmpeg-devel] [V2 PATCH 1/3] avfilter/vf_sr: fix read out of bounds
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <http://ffmpeg.org/mailman/options/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <http://ffmpeg.org/pipermail/ffmpeg-devel/>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <http://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
	<mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches
	<ffmpeg-devel@ffmpeg.org>
Cc: Zhao Zhili <quinkblack@foxmail.com>
MIME-Version: 1.0
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>

---
 libavfilter/vf_sr.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavfilter/vf_sr.c b/libavfilter/vf_sr.c
index 8a77a1d..c1ae6c5 100644
--- a/libavfilter/vf_sr.c
+++ b/libavfilter/vf_sr.c
@@ -227,7 +227,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
                   0, sr_context->sws_slice_h, out->data, out->linesize);
 
         sws_scale(sr_context->sws_contexts[1], (const uint8_t **)out->data, out->linesize,
-                  0, out->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize);
+                  0, out->height, (uint8_t * const*)(&sr_context->input.data),
+                  (const int [4]){sr_context->sws_input_linesize, 0, 0, 0});
     }
     else{
         if (sr_context->sws_contexts[0]){
@@ -238,7 +239,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         }
 
         sws_scale(sr_context->sws_contexts[1], (const uint8_t **)in->data, in->linesize,
-                  0, in->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize);
+                  0, in->height, (uint8_t * const*)(&sr_context->input.data),
+                  (const int [4]){sr_context->sws_input_linesize, 0, 0, 0});
     }
     av_frame_free(&in);
 
@@ -248,7 +250,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         return AVERROR(EIO);
     }
 
-    sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), &sr_context->sws_output_linesize,
+    sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data),
+              (const int[4]){sr_context->sws_output_linesize, 0, 0, 0},
               0, out->height, (uint8_t * const*)out->data, out->linesize);
 
     return ff_filter_frame(outlink, out);