[FFmpeg-cvslog] swscale/utils: Limit filter shifting so as not to read from prior the array

Michael Niedermayer git at videolan.org
Wed Feb 11 13:24:22 CET 2015


ffmpeg | branch: release/1.2 | Michael Niedermayer <michaelni at gmx.at> | Thu Feb  5 00:12:08 2015 +0100| [42d9a7010f2d24e93c12c001430186d544eea591] | committer: Michael Niedermayer

swscale/utils: Limit filter shifting so as not to read from prior the array

Fixes out of array read
Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 692b22626ec9a9585f667c124a186b1a9796e432)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=42d9a7010f2d24e93c12c001430186d544eea591
---

 libswscale/utils.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libswscale/utils.c b/libswscale/utils.c
index 69ae7d8..de40bf5 100644
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@@ -571,14 +571,15 @@ static int initFilter(int16_t **outFilter, int32_t **filterPos,
         }
 
         if ((*filterPos)[i] + filterSize > srcW) {
-            int shift = (*filterPos)[i] + filterSize - srcW;
+            int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0);
+
             // move filter coefficients right to compensate for filterPos
             for (j = filterSize - 2; j >= 0; j--) {
                 int right = FFMIN(j + shift, filterSize - 1);
                 filter[i * filterSize + right] += filter[i * filterSize + j];
                 filter[i * filterSize + j]      = 0;
             }
-            (*filterPos)[i]= srcW - filterSize;
+            (*filterPos)[i]-= shift;
         }
     }
 



More information about the ffmpeg-cvslog mailing list