diff mbox series

[FFmpeg-devel,2/2] avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()

Message ID 20210219204345.14218-2-michael@niedermayer.cc
State Superseded
Headers show
Series [FFmpeg-devel,1/2] avutil/common: Add FFINCREASE_PTR() | expand

Checks

Context Check Description
andriy/x86_make_warn warning New warnings during build
andriy/x86_make success Make finished
andriy/x86_make_fate success Make fate finished
andriy/PPC64_make success Make finished
andriy/PPC64_make_fate success Make fate finished

Commit Message

Michael Niedermayer Feb. 19, 2021, 8:43 p.m. UTC 
Found-by: Jeremy Leconte <jleconte@google.com>
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/vf_scale.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Niedermayer March 13, 2021, 3:18 p.m. UTC | #1 
On Fri, Feb 19, 2021 at 09:43:45PM +0100, Michael Niedermayer wrote:
> Found-by: Jeremy Leconte <jleconte@google.com>
> Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
> ---
>  libavfilter/vf_scale.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)

will apply

[...]
diff mbox series

Patch

diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c
index 58eee96744..f1fbbf2978 100644
--- a/libavfilter/vf_scale.c
+++ b/libavfilter/vf_scale.c
@@ -635,8 +635,8 @@  static int scale_slice(AVFilterLink *link, AVFrame *out_buf, AVFrame *cur_pic, s
         int vsub= ((i+1)&2) ? scale->vsub : 0;
          in_stride[i] = cur_pic->linesize[i] * mul;
         out_stride[i] = out_buf->linesize[i] * mul;
-         in[i] = cur_pic->data[i] + ((y>>vsub)+field) * cur_pic->linesize[i];
-        out[i] = out_buf->data[i] +            field  * out_buf->linesize[i];
+         in[i] = FFINCREASE_PTR(cur_pic->data[i], ((y>>vsub)+field) * cur_pic->linesize[i]);
+        out[i] = FFINCREASE_PTR(out_buf->data[i],            field  * out_buf->linesize[i]);
     }
     if (scale->input_is_pal)
          in[1] = cur_pic->data[1];