[FFmpeg-devel] [PATCH]Fix invalid memory accesses using the fade filter
Michael Niedermayer
michaelni at gmx.at
Mon Feb 23 13:59:45 CET 2015
On Mon, Feb 23, 2015 at 03:27:54AM +0100, Carl Eugen Hoyos wrote:
> Hi!
>
> Attached patch fixes a crash with the following command line:
> $ ffmpeg -loop 1 -i fate-suite/lena.pnm -vf format=yuva420p,fade -f null -
>
> Please comment, Carl Eugen
> vf_fade.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
> 31297e0aecbb7ec4637c180ae16254499c628334 patchfade.diff
> diff --git a/libavfilter/vf_fade.c b/libavfilter/vf_fade.c
> index 80ce75d..5d012af 100644
> --- a/libavfilter/vf_fade.c
> +++ b/libavfilter/vf_fade.c
> @@ -203,7 +203,10 @@ static int filter_slice_luma(AVFilterContext *ctx, void *arg, int jobnr,
>
> for (i = slice_start; i < slice_end; i++) {
> uint8_t *p = frame->data[0] + i * frame->linesize[0];
> + int width = av_pix_fmt_desc_get(frame->format)->flags & AV_PIX_FMT_FLAG_PLANAR ?
> + frame->width :
> + frame->width * s->bpp;
> - for (j = 0; j < frame->width * s->bpp; j++) {
> + for (j = 0; j < width; j++) {
should be ok, alternatively bpp could be renamed and set to 1 for
planar
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150223/380808cf/attachment.asc>
More information about the ffmpeg-devel
mailing list