[FFmpeg-cvslog] snow: Fix off by 1 error in reference picture management

Michael Niedermayer git at videolan.org
Sat May 4 01:21:46 CEST 2013


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat May  4 01:11:08 2013 +0200| [64819bfc7a1f622eab88c8962e02c9e2941bb42d] | committer: Michael Niedermayer

snow: Fix off by 1 error in reference picture management

Fixes out of array accesses
No release is affected by this bug

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=64819bfc7a1f622eab88c8962e02c9e2941bb42d
---

 libavcodec/snow.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/snow.c b/libavcodec/snow.c
index 9f6399c..5362ae4 100644
--- a/libavcodec/snow.c
+++ b/libavcodec/snow.c
@@ -618,7 +618,7 @@ int ff_snow_frame_start(SnowContext *s){
 
     av_frame_move_ref(&tmp, &s->last_picture[s->max_ref_frames-1]);
     for(i=s->max_ref_frames-1; i>0; i--)
-        av_frame_move_ref(&s->last_picture[i+1], &s->last_picture[i]);
+        av_frame_move_ref(&s->last_picture[i], &s->last_picture[i-1]);
     memmove(s->halfpel_plane+1, s->halfpel_plane, (s->max_ref_frames-1)*sizeof(void*)*4*4);
     if(USE_HALFPEL_PLANE && s->current_picture.data[0])
         halfpel_interpol(s, s->halfpel_plane[0], &s->current_picture);
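Review bot: nothing in these lines guards `s->max_ref_frames >= 1` before the `av_frame_move_ref(&tmp, &s->last_picture[s->max_ref_frames-1])` line and the `memmove`. With a value of 0 the first would index element -1 and the `memmove` length `(s->max_ref_frames-1)*sizeof(void*)*4*4` would be computed from -1. If the lower bound is enforced elsewhere, an `av_assert0(s->max_ref_frames >= 1)` or a one-line comment at the top of this block would record it. The corrected loop itself now matches the `memmove` of `halfpel_plane` (both shift `max_ref_frames-1` entries up by one slot). The commit message could also say that the old first iteration, with `i = max_ref_frames-1`, wrote `last_picture[max_ref_frames]`, since that is the out-of-array access being fixed.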


