[FFmpeg-cvslog] avcodec/vp9: Fix stack-buffer overflow with VP9 VDPAU available

Andreas Rheinhardt git at videolan.org
Sun Oct 11 03:15:02 EEST 2020

ffmpeg | branch: master | Andreas Rheinhardt <andreas.rheinhardt at gmail.com> | Sun Oct 11 01:29:57 2020 +0200| [ddee53e2680a03a8b8beaa0de02e235046c599c3] | committer: Andreas Rheinhardt

avcodec/vp9: Fix stack-buffer overflow with VP9 VDPAU available

ccca62ef991f0a47dfa30c3e822d91294b8afe4c added new VP9 VDPAU profiles
and as a consequence AV_PIX_FMT_VDPAU can now be twice in the list of
pixel formats used for format negotiation by ff_thread_get_format(); yet
there is only one entry in said list reserved for VDPAU, leading to a
stack-buffer overflow. This commit fixes this by making sure that
AV_PIX_FMT_VDPAU will not occur twice in said list.

Fixes Coverity ticket 1468046.

Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ddee53e2680a03a8b8beaa0de02e235046c599c3

 libavcodec/vp9.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/libavcodec/vp9.c b/libavcodec/vp9.c
index 8b89fd68e2..294059f863 100644
--- a/libavcodec/vp9.c
+++ b/libavcodec/vp9.c
@@ -207,9 +207,6 @@ static int update_size(AVCodecContext *avctx, int w, int h)
         switch (s->pix_fmt) {
         case AV_PIX_FMT_YUV420P:
-            *fmtp++ = AV_PIX_FMT_VDPAU;
         case AV_PIX_FMT_YUV420P10:
             *fmtp++ = AV_PIX_FMT_DXVA2_VLD;

More information about the ffmpeg-cvslog mailing list