[FFmpeg-devel] [PATCH] avcodec/pngenc: fix invalid read in sub filter.
Michael Niedermayer
michaelni at gmx.at
Sat Feb 22 10:36:40 CET 2014
On Fri, Feb 21, 2014 at 02:20:25PM +0100, Clément Bœsch wrote:
> First pixel was computed based on invalid address read, and then
> corrected by the following memcpy. After the commit, it's not computed
> anymore, and memcpy fills the appropriate area.
>
> Fixes Ticket #3387
> ---
> libavcodec/pngenc.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c
> index bf61be1..7fb511a 100644
> --- a/libavcodec/pngenc.c
> +++ b/libavcodec/pngenc.c
> @@ -123,7 +123,7 @@ static void png_filter_row(DSPContext *dsp, uint8_t *dst, int filter_type,
> memcpy(dst, src, size);
> break;
> case PNG_FILTER_VALUE_SUB:
> - dsp->diff_bytes(dst, src, src-bpp, size);
> + dsp->diff_bytes(dst + bpp, src + bpp, src, size - bpp);
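Review bot: on the added diff_bytes line, the width is now size - bpp with no guard visible in this hunk, so if size can ever be smaller than bpp the count goes negative; either check size > bpp before the call or state where the caller guarantees it. The call also no longer writes the first bpp bytes of dst, which the commit message says the following memcpy fills; that memcpy is outside the shown context, so a short comment at this call naming the dependency would help. Because dst + bpp and src + bpp are offset from the row start, any alignment assumption diff_bytes makes about its first two arguments should be checked for bpp values that are not a multiple of that alignment.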
dsputil.h specifies that dst&src1 need 16byte align
void (*diff_bytes)(uint8_t *dst/*align 16*/, const uint8_t *src1/*align 16*/, const uint8_t *src2/*align 1*/,int w);
also see sub_left_prediction() in huffyuvenc
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Freedom in capitalist society always remains about the same as it was in
ancient Greek republics: Freedom for slave owners. -- Vladimir Lenin
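The PNG Sub filter discussed in this thread, written so that nothing before the row start is read and a row shorter than one pixel is handled; this is an added example, not FFmpeg's code or part of either message. The names diff_bytes_c, sub_filter_row and sub_unfilter_row are hypothetical, and the scalar loop has no alignment requirement, unlike the dsputil routine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Scalar stand-in for dsp->diff_bytes: dst[i] = src1[i] - src2[i] (mod 256). */
static void diff_bytes_c(uint8_t *dst, const uint8_t *src1,
                         const uint8_t *src2, int w)
{
    for (int i = 0; i < w; i++)
        dst[i] = (uint8_t)(src1[i] - src2[i]);
}

/* PNG Sub filter for one row. Bytes left of the row count as zero, so the
 * first bpp bytes are copied and src - bpp is never dereferenced. */
static void sub_filter_row(uint8_t *dst, const uint8_t *src, int bpp, int size)
{
    int head = size < bpp ? size : bpp;   /* row shorter than one pixel */
    if (head > 0)
        memcpy(dst, src, (size_t)head);
    if (size > bpp)
        diff_bytes_c(dst + bpp, src + bpp, src, size - bpp);
}

/* Decoder-side inverse, used to check the round trip. */
static void sub_unfilter_row(uint8_t *dst, const uint8_t *src, int bpp, int size)
{
    for (int i = 0; i < size; i++)
        dst[i] = (uint8_t)(src[i] + (i >= bpp ? dst[i - bpp] : 0));
}

/* Constructed sample: a 3-pixel RGB row; returns 1 when it round-trips. */
static int sub_filter_roundtrip_ok(void)
{
    const uint8_t row[9] = { 10, 20, 30, 12, 19, 40, 12, 19, 41 };
    uint8_t filt[9], back[9];
    sub_filter_row(filt, row, 3, 9);
    sub_unfilter_row(back, filt, 3, 9);
    return memcmp(back, row, sizeof(row)) == 0;
}

int main(void)
{
    return sub_filter_roundtrip_ok() ? 0 : 1;
}
```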