[FFmpeg-cvslog] avcodec/rpzaenc: don't use buffer data beyond the end of a row

James Almer git at videolan.org
Tue Aug 13 20:50:51 EEST 2024


ffmpeg | branch: master | James Almer <jamrial at gmail.com> | Tue Aug 13 11:04:51 2024 -0300| [ed618b288f4b689691a8989e50942e48c619fb4d] | committer: James Almer

avcodec/rpzaenc: don't use buffer data beyond the end of a row

Fixes use of uninitized data (masked by the default zeroing of image buffers).

Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=ed618b288f4b689691a8989e50942e48c619fb4d
---

 libavcodec/rpzaenc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
index d84555d6c6..3a1924d385 100644
--- a/libavcodec/rpzaenc.c
+++ b/libavcodec/rpzaenc.c
@@ -749,20 +749,24 @@ post_skip :
 
             if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
                 const uint16_t *row_ptr;
-                int y_size, rgb555;
+                int y_size, x_size, rgb555;
 
                 block_offset  = get_block_info(&bi, block_counter, 0);
                 pblock_offset = get_block_info(&bi, block_counter, 1);
 
                 row_ptr = &src_pixels[block_offset];
                 y_size = FFMIN(4, bi.image_height - bi.row * 4);
+                x_size = FFMIN(4, bi.image_width  - bi.col * 4);
 
                 for (int y = 0; y < y_size; y++) {
-                    for (int x = 0; x < 4; x++) {
+                    for (int x = 0; x < x_size; x++) {
                         rgb555 = row_ptr[x] & ~0x8000;
 
                         put_bits(&s->pb, 16, rgb555);
                     }
+                    for (int x = x_size; x < 4; x++)
+                        put_bits(&s->pb, 16, 0);
+
                     row_ptr += bi.rowstride;
                 }
 



More information about the ffmpeg-cvslog mailing list