| Message ID | 20210905110257.58834-1-ffmpeg@haasn.xyz |
|---|---|
| State | New |
| Headers | show |
| Series | [FFmpeg-devel,1/2] avcodec/h274: don't read from uninitialized array members | expand |
| Context | Check | Description |
|---|---|---|
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
| andriy/make_ppc | success | Make finished |
| andriy/make_fate_ppc | success | Make fate finished |
diff --git a/libavcodec/h274.c b/libavcodec/h274.c index 5e2cf150ea..a59d09b66e 100644 --- a/libavcodec/h274.c +++ b/libavcodec/h274.c @@ -74,12 +74,14 @@ static void init_slice_c(int8_t out[64][64], uint8_t h, uint8_t v, // 64x64 inverse integer transform for (int y = 0; y < 64; y++) { - for (int x = 0; x < 64; x++) { + for (int x = 0; x <= freq_h; x++) { int32_t sum = 0; - for (int p = 0; p < 64; p++) + for (int p = 0; p <= freq_v; p++) sum += R64T[y][p] * out[x][p]; tmp[y][x] = (sum + 128) >> 8; } + for (int x = freq_h+1; x < 64; x++) + tmp[y][x] = 0; } for (int y = 0; y < 64; y++) {
From: Niklas Haas <git@haasn.dev> This bug flew under the radar because, in practice, these values are 0-initialized for the first invocation. But for subsequent invocations (with different h/v values), reading from the uninitialized parts of `out` is undefined behavior. Avoid this by simply adjusting the iteration range of the next loop. Has the added benefit of being a minor speedup. --- libavcodec/h274.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)