[FFmpeg-cvslog] avfilter/vf_bm3d: fix heap-buffer overflows

Paul B Mahol git at videolan.org
Tue Sep 14 00:16:58 EEST 2021 

ffmpeg | branch: release/4.1 | Paul B Mahol <onemda at gmail.com> | Sun Oct 13 18:10:38 2019 +0200| [8c9ff740a35d6f46935f70e4a9533dddaaf33788] | committer: James Almer

avfilter/vf_bm3d: fix heap-buffer overflows

Fixes #8262

(cherry picked from commit 0749082eb93ea02fa4b770da86597450cec84054)
Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8c9ff740a35d6f46935f70e4a9533dddaaf33788
---

 libavfilter/vf_bm3d.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/libavfilter/vf_bm3d.c b/libavfilter/vf_bm3d.c
index 75c356728e..04cc19ccee 100644
--- a/libavfilter/vf_bm3d.c
+++ b/libavfilter/vf_bm3d.c
@@ -706,8 +706,8 @@ static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
     const int plane = td->plane;
     const int width = s->planewidth[plane];
     const int height = s->planeheight[plane];
-    const int block_pos_bottom = height - s->block_size;
-    const int block_pos_right  = width - s->block_size;
+    const int block_pos_bottom = FFMAX(0, height - s->block_size);
+    const int block_pos_right  = FFMAX(0, width - s->block_size);
     const int slice_start = (((height + block_step - 1) / block_step) * jobnr / nb_jobs) * block_step;
     const int slice_end = (jobnr == nb_jobs - 1) ? block_pos_bottom + block_step :
                           (((height + block_step - 1) / block_step) * (jobnr + 1) / nb_jobs) * block_step;
@@ -796,8 +796,8 @@ static int config_input(AVFilterLink *inlink)
     for (i = 0; i < s->nb_threads; i++) {
         SliceContext *sc = &s->slices[i];
 
-        sc->num = av_calloc(s->planewidth[0] * s->planeheight[0], sizeof(FFTSample));
-        sc->den = av_calloc(s->planewidth[0] * s->planeheight[0], sizeof(FFTSample));
+        sc->num = av_calloc(FFALIGN(s->planewidth[0], s->block_size) * FFALIGN(s->planeheight[0], s->block_size), sizeof(FFTSample));
+        sc->den = av_calloc(FFALIGN(s->planewidth[0], s->block_size) * FFALIGN(s->planeheight[0], s->block_size), sizeof(FFTSample));
         if (!sc->num || !sc->den)
             return AVERROR(ENOMEM);

More information about the ffmpeg-cvslog mailing list