[FFmpeg-trac] #6763(swscale:new): swscale: Out-of-bounds memory accesses

FFmpeg trac at avcodec.org
Sat Oct 21 02:59:22 EEST 2017

#6763: swscale: Out-of-bounds memory accesses
             Reporter:  Gramner     |                    Owner:
                 Type:  defect      |                   Status:  new
             Priority:  important   |                Component:  swscale
              Version:  git-master  |               Resolution:
             Keywords:  crash       |               Blocked By:
             Blocking:              |  Reproduced by developer:  0
Analyzed by developer:  0           |
Changes (by Gramner):

 * version:  unspecified => git-master


 Not sure which disassembly you're interested in, but the source shows the
 entire row loop done using 128-bit loads with no special handling for the

 With width=512 as an example, on the last loop iteration "movu m4,
 [srcq+12]" reads 16 bytes from offset 1524 which results in an overflow of
 4 bytes.

 The input buffer is the exact size of the input data with zero padding as
 no such requirement is documented.

Ticket URL: <https://trac.ffmpeg.org/ticket/6763#comment:2>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker

More information about the FFmpeg-trac mailing list