[FFmpeg-devel] [PATCH]Fix invalid memory accesses using the fade filter

Carl Eugen Hoyos cehoyos at ag.or.at
Mon Feb 23 03:27:54 CET 2015


Hi!

Attached patch fixes a crash with the following command line:
$ ffmpeg -loop 1 -i fate-suite/lena.pnm -vf format=yuva420p,fade -f null -

Please comment, Carl Eugen
-------------- next part --------------
diff --git a/libavfilter/vf_fade.c b/libavfilter/vf_fade.c
index 80ce75d..5d012af 100644
--- a/libavfilter/vf_fade.c
+++ b/libavfilter/vf_fade.c
@@ -203,7 +203,10 @@ static int filter_slice_luma(AVFilterContext *ctx, void *arg, int jobnr,
 
     for (i = slice_start; i < slice_end; i++) {
         uint8_t *p = frame->data[0] + i * frame->linesize[0];
+        int width = av_pix_fmt_desc_get(frame->format)->flags & AV_PIX_FMT_FLAG_PLANAR ?
+                    frame->width :
+                    frame->width * s->bpp;
-        for (j = 0; j < frame->width * s->bpp; j++) {
+        for (j = 0; j < width; j++) {
             /* s->factor is using 16 lower-order bits for decimal
              * places. 32768 = 1 << 15, it is an integer representation
              * of 0.5 and is for rounding. */


More information about the ffmpeg-devel mailing list