From patchwork Sun Sep 12 13:14:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Niklas Haas X-Patchwork-Id: 30195 Delivered-To: ffmpegpatchwork2@gmail.com Received: by 2002:a05:6602:2a4a:0:0:0:0 with SMTP id k10csp3168283iov; Sun, 12 Sep 2021 06:14:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxjxBLc3zCCvcjnW23LkkcAGZiS55wxRTMWERkWWwhS4Qa6g5wCPuIA8IMap6FFW7mT3cgq X-Received: by 2002:a17:906:1299:: with SMTP id k25mr7347907ejb.139.1631452486170; Sun, 12 Sep 2021 06:14:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631452486; cv=none; d=google.com; s=arc-20160816; b=Q1Tv8byfm2HdwHuV7uI+EhCjUx59xl00AingUSpwyxyeT5UWU9XyKCq4SZf3mfgPVp 1Hi8tFqgWUmPk4PUDcEbW007LDGWS5LYE1kQ9VTltlA+f5FThDW4p17Vlg3x+3+L+50k MPPpzn9NFtQNMVGKO/AHPtdfiYNjH06BIRgg3puARSlqUh4VsxierEJ4IXRAzMpJgJ2N yl612cEHjmM81L1Q6YwfzSz+06C4nLqIDq+KrTf94Aop7abpUUtcJTHjKkdPlCshXtRQ PMpnUU1z+QqP4I8kimamAZCmuBYwPuQzO0n2b/cV79I5Q9ipy2mWMcMQGIZQYatyQOoB fCMA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:cc:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:mime-version:message-id:date:to:from :dkim-signature:delivered-to; bh=x92km7IbhJyg5hjoLhS/4NAtnOnxtcHigL298IelK5A=; b=0+xpYsaNd2pTYmqR69knp8nGW9714C4xXB7n/arCZb9WOe8pOSTsKq0RPYXoP0DATb IjmFEYKWXZKTT+5YOEWFUWvw5QBOfzFjrFDe2IojtRTz5s9gFMjQ10rC9UEHyJHkvscp m7mD2ta2fKrW4P6iJfrJOegXEZZHznaeOxV0/D4dED/YPl7ZZbJY7kh9ZTJj8bPlt21E RenR+BrmdTdSmCKw3o0kr7QmdH/gPaOMMSwQaJUOdZ44eiJrfjMZeBvaPG7OEd/5WegX XyvaQK+Rx6+taFiXAuztdyDcBKvSEXyykR8Hb3t2S7gX6GJgIiZHuQZ6557RToVqchfa TfbA== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@haasn.xyz header.s=mail header.b=ZiA92JAM; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id n1si4825099ejz.195.2021.09.12.06.14.45; Sun, 12 Sep 2021 06:14:46 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@haasn.xyz header.s=mail header.b=ZiA92JAM; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 4CAE968A8B1; Sun, 12 Sep 2021 16:14:41 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from haasn.dev (haasn.dev [78.46.187.166]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 7B5D768A4D5 for ; Sun, 12 Sep 2021 16:14:34 +0300 (EEST) Received: from haasn.dev (unknown [10.30.0.2]) by haasn.dev (Postfix) with ESMTP id CAB95427EF; Sun, 12 Sep 2021 15:14:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=haasn.xyz; s=mail; t=1631452473; bh=9Q1RPm1sLORASVzhPjGr2biboYOvC8icAeTy8BYd6dE=; h=From:To:Cc:Subject:Date:From; b=ZiA92JAM/PdifQgWIxREtOtLuAyXdIREKQmGAp2vr2nFnSiSmSZpO2xHCCYTR/ggJ EP7lbF2DsOOVjI8O32qD9cBM53BEH3/moJZLO0dPXfld3XoLgwB7tFNhnvJNmH2fLN q4IpyKUmmMiihaDZTNt07y/2z5xz1bd7WfcSYECA= From: Niklas Haas To: ffmpeg-devel@ffmpeg.org Date: Sun, 12 Sep 2021 15:14:31 +0200 Message-Id: <20210912131431.105319-1-ffmpeg@haasn.xyz> X-Mailer: git-send-email 2.33.0 MIME-Version: 1.0 Subject: [FFmpeg-devel] [PATCH v2] avcodec/h274: don't read from uninitialized array members X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Cc: Niklas Haas Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" X-TUID: 7HVYKgLM96sc From: Niklas Haas This bug flew under the radar because, in practice, these values are 0-initialized for the first invocation. But for subsequent invocations (with different h/v values), reading from the uninitialized parts of `out` is undefined behavior. Avoid this by simply adjusting the iteration range of the following loops. Has the added benefit of being a minor speedup. --- libavcodec/h274.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/h274.c b/libavcodec/h274.c index 5e2cf150ea..781878d7ad 100644 --- a/libavcodec/h274.c +++ b/libavcodec/h274.c @@ -74,9 +74,9 @@ static void init_slice_c(int8_t out[64][64], uint8_t h, uint8_t v, // 64x64 inverse integer transform for (int y = 0; y < 64; y++) { - for (int x = 0; x < 64; x++) { + for (int x = 0; x <= freq_h; x++) { int32_t sum = 0; - for (int p = 0; p < 64; p++) + for (int p = 0; p <= freq_v; p++) sum += R64T[y][p] * out[x][p]; tmp[y][x] = (sum + 128) >> 8; } @@ -85,7 +85,7 @@ static void init_slice_c(int8_t out[64][64], uint8_t h, uint8_t v, for (int y = 0; y < 64; y++) { for (int x = 0; x < 64; x++) { int32_t sum = 0; - for (int p = 0; p < 64; p++) + for (int p = 0; p <= freq_h; p++) sum += tmp[y][p] * R64T[x][p]; // R64T^T = R64 // Renormalize and clip to [-127, 127] out[y][x] = av_clip((sum + 128) >> 8, -127, 127);