[FFmpeg-devel] [PATCH] libavfilter:vf_thumbnail.c: Fix bug in buffer handling for RGB width

Clément Bœsch u at pkh.me
Wed Feb 18 23:34:54 CET 2015


On Wed, Feb 18, 2015 at 02:22:53PM -0800, Chris Kennedy wrote:
> This is a pretty obvious bug we caught in the thumbnail filter that is very
> subtle and hardly ever shows issues except for certain videos.  Yet it can
> be seen how it is blatantly going out of bounds by basing the width
> increment off of i*3 that resulted in odd crashes in rare cases.
> 
> 
> Thanks,
> Chris
> -- 
> ---
> Chris Kennedy
> Video Engineer
> CrunchyRoll - http://www.crunchyroll.com

> diff --git a/libavfilter/vf_thumbnail.c b/libavfilter/vf_thumbnail.c
> index 1883154..a1272a0 100644
> --- a/libavfilter/vf_thumbnail.c
> +++ b/libavfilter/vf_thumbnail.c
> @@ -142,7 +142,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *frame)
> 
>      // update current frame RGB histogram
>      for (j = 0; j < inlink->h; j++) {
> -        for (i = 0; i < inlink->w; i++) {
> +        // last third of image, walk every 3 bytes/pixels reading RGB
> +        for (i = 0; i < inlink->w/3; i++) {

width is expressed in pixels, not bytes.

How to reproduce the issue or crash?

>              hist[0*256 + p[i*3    ]]++;
>              hist[1*256 + p[i*3 + 1]]++;
>              hist[2*256 + p[i*3 + 2]]++;
> 

-- 
Clément B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150218/25e67f07/attachment.asc>


More information about the ffmpeg-devel mailing list