[FFmpeg-devel] [PATCH] lavfi/mptestsrc: fix invalid access in case of negative linesize
Stefano Sabatini
stefasab at gmail.com
Thu Apr 18 22:00:08 CEST 2013
On date Wednesday 2013-04-17 22:12:06 +0200, Stefano Sabatini encoded:
> In particular, fix crash with:
> ffplay -f lavfi mptestsrc,vflip
> ---
> libavfilter/vsrc_mptestsrc.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/libavfilter/vsrc_mptestsrc.c b/libavfilter/vsrc_mptestsrc.c
> index 867cd50..e931c76 100644
> --- a/libavfilter/vsrc_mptestsrc.c
> +++ b/libavfilter/vsrc_mptestsrc.c
> @@ -301,9 +301,10 @@ static int request_frame(AVFilterLink *outlink)
> {
> MPTestContext *test = outlink->src->priv;
> AVFrame *picref;
> - int w = WIDTH, h = HEIGHT, ch = h>>test->vsub;
> + int w = WIDTH, h = HEIGHT, cw = w>>test->hsub, ch = h>>test->vsub;
> unsigned int frame = test->frame_nb;
> enum test_type tt = test->test;
> + int i;
>
> if (test->max_pts >= 0 && test->pts > test->max_pts)
> return AVERROR_EOF;
> @@ -313,9 +314,12 @@ static int request_frame(AVFilterLink *outlink)
> picref->pts = test->pts++;
>
> // clean image
> - memset(picref->data[0], 0, picref->linesize[0] * h);
> - memset(picref->data[1], 128, picref->linesize[1] * ch);
> - memset(picref->data[2], 128, picref->linesize[2] * ch);
> + for (i = 0; i < h; i++)
> + memset(picref->data[0] + i*picref->linesize[0], 0, w);
> + for (i = 0; i < ch; i++) {
> + memset(picref->data[1] + i*picref->linesize[1], 128, cw);
> + memset(picref->data[2] + i*picref->linesize[2], 128, cw);
> + }
Ping, will push tomorrow if I see no comments.
--
FFmpeg = Friendly & Fierce Mystic Portentous Ermetic Gangster
More information about the ffmpeg-devel
mailing list