[FFmpeg-devel] [PATCH] libopenjpegenc: fix out-of-bounds reads when filling the edges

Hendrik Leppkes h.leppkes at gmail.com
Fri Oct 14 01:00:48 EEST 2016


On Thu, Oct 13, 2016 at 10:25 PM, Andreas Cadhalpun
<andreas.cadhalpun at googlemail.com> wrote:
> If x is 0, 'x - 1' is in the previous line, or worse outside the buffer
> for the first line.
>
> If y is 0, 'x - image->comps[compno].w' is outside the buffer.
>

I'm slightly puzzled, as you say, these are for edge handling, edges
in this case are from the image width to buffer width, and image
height to buffer height, respectively.
So for x or y to be zero, we would need an image that's zero width, or
zero height, so the edge starts at zero?

How does that happen, and wouldn't it be much simpler to catch that
case earlier in the chain and simply error out? An image with either
zero width or zero height surely is not something you can encode
either way.

- Hendrik

