[FFmpeg-trac] #6763(swscale:new): swscale: Out-of-bounds memory accesses
FFmpeg
trac at avcodec.org
Sat Oct 21 02:59:22 EEST 2017
#6763: swscale: Out-of-bounds memory accesses
------------------------------------+-----------------------------------
             Reporter:  Gramner     |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  important   |                Component:  swscale
              Version:  git-master  |               Resolution:
             Keywords:  crash       |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
------------------------------------+-----------------------------------
Changes (by Gramner):
* version: unspecified => git-master
Comment:
Not sure which disassembly you're interested in, but the source shows the
entire row loop done using 128-bit loads with no special handling for the
tail:
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=libswscale/x86/input.asm;h=af9afcaa53a74f51eaa1257bafd1052524046074;hb=HEAD#l243
With width=512 as an example, on the last loop iteration "movu m4,
[srcq+12]" reads 16 bytes from offset 1524 which results in an overflow of
4 bytes.
The input buffer is the exact size of the input data with zero padding as
no such requirement is documented.
--
Ticket URL: <https://trac.ffmpeg.org/ticket/6763#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker
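
The arithmetic in the comment above, modelled as an added example (not FFmpeg code and not part of the original message). The 3 bytes per pixel, the 24-byte step per iteration and all names are assumptions inferred from the comment's figures (width 512, load at offset 1524, 16-byte load); the model also reports the row padding that would keep every load in bounds.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed loop shape, inferred from the figures in the comment (not taken
 * from input.asm): 3 bytes per pixel, 24 source bytes consumed per
 * iteration, last unaligned load at srcq+12, 16 bytes (128 bits) wide. */
enum { BPP = 3, STEP = 24, LAST_LOAD_OFF = 12, LOAD_LEN = 16 };

/* Walk the row the way a loop without tail handling does and count the
 * iterations whose last load ends beyond a buffer of `capacity` bytes. */
size_t loads_past_end(size_t width, size_t capacity)
{
    size_t row_bytes = width * BPP, bad = 0;
    for (size_t src = 0; src < row_bytes; src += STEP)
        if (src + LAST_LOAD_OFF + LOAD_LEN > capacity)
            bad++;
    return bad;
}

/* Bytes the final iteration reads beyond the end of the pixel data. */
size_t row_overread(size_t width)
{
    size_t row_bytes = width * BPP;
    if (row_bytes == 0)
        return 0;
    size_t last_src = (row_bytes - 1) / STEP * STEP; /* start of last iteration */
    size_t end = last_src + LAST_LOAD_OFF + LOAD_LEN;
    return end > row_bytes ? end - row_bytes : 0;
}

/* Smallest allocation for which every load of the row stays in bounds. */
size_t padded_row_size(size_t width)
{
    return width * BPP + row_overread(width);
}

int main(void)
{
    size_t w = 512; /* width used in the comment */
    printf("row bytes %zu, over-read %zu, bad loads exact %zu, padded %zu\n",
           w * BPP, row_overread(w), loads_past_end(w, w * BPP),
           loads_past_end(w, padded_row_size(w)));
    return 0;
}
```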