Message ID | 20240813140529.2204-1-jamrial@gmail.com |
---|---|
State | New |
Series | [FFmpeg-devel] avcodec/rpzaenc: don't use buffer data beyond the end of a row |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
On 8/13/2024 11:05 AM, James Almer wrote: > Fixes use of uninitialized data (masked by the default zeroing of image buffers). > > Signed-off-by: James Almer <jamrial@gmail.com> > --- > libavcodec/rpzaenc.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c > index d84555d6c6..3a1924d385 100644 > --- a/libavcodec/rpzaenc.c > +++ b/libavcodec/rpzaenc.c > @@ -749,20 +749,24 @@ post_skip : > > if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK > const uint16_t *row_ptr; > - int y_size, rgb555; > + int y_size, x_size, rgb555; > > block_offset = get_block_info(&bi, block_counter, 0); > pblock_offset = get_block_info(&bi, block_counter, 1); > > row_ptr = &src_pixels[block_offset]; > y_size = FFMIN(4, bi.image_height - bi.row * 4); > + x_size = FFMIN(4, bi.image_width - bi.col * 4); > > for (int y = 0; y < y_size; y++) { > - for (int x = 0; x < 4; x++) { > + for (int x = 0; x < x_size; x++) { > rgb555 = row_ptr[x] & ~0x8000; > > put_bits(&s->pb, 16, rgb555); > } > + for (int x = x_size; x < 4; x++) > + put_bits(&s->pb, 16, 0); > + > row_ptr += bi.rowstride; > } Will apply soon to remove all the yellow from fate.
diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c index d84555d6c6..3a1924d385 100644 --- a/libavcodec/rpzaenc.c +++ b/libavcodec/rpzaenc.c @@ -749,20 +749,24 @@ post_skip : if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK const uint16_t *row_ptr; - int y_size, rgb555; + int y_size, x_size, rgb555; block_offset = get_block_info(&bi, block_counter, 0); pblock_offset = get_block_info(&bi, block_counter, 1); row_ptr = &src_pixels[block_offset]; y_size = FFMIN(4, bi.image_height - bi.row * 4); + x_size = FFMIN(4, bi.image_width - bi.col * 4); for (int y = 0; y < y_size; y++) { - for (int x = 0; x < 4; x++) { + for (int x = 0; x < x_size; x++) { rgb555 = row_ptr[x] & ~0x8000; put_bits(&s->pb, 16, rgb555); } + for (int x = x_size; x < 4; x++) + put_bits(&s->pb, 16, 0); + row_ptr += bi.rowstride; }
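Review bot: the new padding loop `for (int x = x_size; x < 4; x++)` has no comment saying why zeros are written, and the reason is not obvious from the code alone. The sixteen-color block still emits four 16-bit values per row, so columns past `bi.image_width` need a defined filler instead of whatever follows the row in `src_pixels`, which is what the old `x < 4` bound read. A one-line comment above the loop, for example `/* pad columns outside the image */`, would record that. The hunk's context also ends at the close of the `y` loop, so it is worth confirming that rows from `y_size` up to 3 get the same explicit zero padding after it; otherwise a block on the bottom edge would carry fewer values than a full 4x4 block.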
Fixes use of uninitialized data (masked by the default zeroing of image buffers). Signed-off-by: James Almer <jamrial@gmail.com> --- libavcodec/rpzaenc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)