[FFmpeg-cvslog] avcodec/h274: don't read from uninitialized array members
Niklas Haas
git at videolan.org
Sun Sep 12 17:18:42 EEST 2021
ffmpeg | branch: master | Niklas Haas <git at haasn.dev> | Sun Sep 12 15:14:31 2021 +0200| [52c35d648c29bc5f11372740d89e418e297ecd82] | committer: James Almer
avcodec/h274: don't read from uninitialized array members
This bug flew under the radar because, in practice, these values are
0-initialized for the first invocation. But for subsequent invocations
(with different h/v values), reading from the uninitialized parts of
`out` is undefined behavior.
Avoid this by simply adjusting the iteration range of the following
loops. Has the added benefit of being a minor speedup.
Signed-off-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=52c35d648c29bc5f11372740d89e418e297ecd82
---
libavcodec/h274.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/h274.c b/libavcodec/h274.c
index 5e2cf150ea..781878d7ad 100644
--- a/libavcodec/h274.c
+++ b/libavcodec/h274.c
@@ -74,9 +74,9 @@ static void init_slice_c(int8_t out[64][64], uint8_t h, uint8_t v,
// 64x64 inverse integer transform
for (int y = 0; y < 64; y++) {
- for (int x = 0; x < 64; x++) {
+ for (int x = 0; x <= freq_h; x++) {
int32_t sum = 0;
- for (int p = 0; p < 64; p++)
+ for (int p = 0; p <= freq_v; p++)
sum += R64T[y][p] * out[x][p];
tmp[y][x] = (sum + 128) >> 8;
}
@@ -85,7 +85,7 @@ static void init_slice_c(int8_t out[64][64], uint8_t h, uint8_t v,
for (int y = 0; y < 64; y++) {
for (int x = 0; x < 64; x++) {
int32_t sum = 0;
- for (int p = 0; p < 64; p++)
+ for (int p = 0; p <= freq_h; p++)
sum += tmp[y][p] * R64T[x][p]; // R64T^T = R64
// Renormalize and clip to [-127, 127]
out[y][x] = av_clip((sum + 128) >> 8, -127, 127);
More information about the ffmpeg-cvslog
mailing list