[FFmpeg-cvslog] avcodec/rpzaenc: don't use buffer data beyond the end of a row
James Almer
git at videolan.org
Tue Aug 13 20:50:51 EEST 2024
ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Tue Aug 13 11:04:51 2024 -0300| [ed618b288f4b689691a8989e50942e48c619fb4d] | committer: James Almer
avcodec/rpzaenc: don't use buffer data beyond the end of a row
Fixes use of uninitized data (masked by the default zeroing of image buffers).
Signed-off-by: James Almer <jamrial at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed618b288f4b689691a8989e50942e48c619fb4d
---
libavcodec/rpzaenc.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
index d84555d6c6..3a1924d385 100644
--- a/libavcodec/rpzaenc.c
+++ b/libavcodec/rpzaenc.c
@@ -749,20 +749,24 @@ post_skip :
if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
const uint16_t *row_ptr;
- int y_size, rgb555;
+ int y_size, x_size, rgb555;
block_offset = get_block_info(&bi, block_counter, 0);
pblock_offset = get_block_info(&bi, block_counter, 1);
row_ptr = &src_pixels[block_offset];
y_size = FFMIN(4, bi.image_height - bi.row * 4);
+ x_size = FFMIN(4, bi.image_width - bi.col * 4);
for (int y = 0; y < y_size; y++) {
- for (int x = 0; x < 4; x++) {
+ for (int x = 0; x < x_size; x++) {
rgb555 = row_ptr[x] & ~0x8000;
put_bits(&s->pb, 16, rgb555);
}
+ for (int x = x_size; x < 4; x++)
+ put_bits(&s->pb, 16, 0);
+
row_ptr += bi.rowstride;
}
More information about the ffmpeg-cvslog
mailing list