[FFmpeg-devel] [PATCH] lavfi/mptestsrc: fix invalid access in case of negative linesize
Stefano Sabatini
stefasab at gmail.com
Thu Apr 18 23:52:17 CEST 2013
On date Thursday 2013-04-18 20:44:58 +0000, Paul B Mahol encoded:
> On 4/18/13, Stefano Sabatini <stefasab at gmail.com> wrote:
> > On date Wednesday 2013-04-17 22:12:06 +0200, Stefano Sabatini encoded:
> >> In particular, fix crash with:
> >> ffplay -f lavfi mptestsrc,vflip
> >> ---
> >> libavfilter/vsrc_mptestsrc.c | 12 ++++++++----
> >> 1 file changed, 8 insertions(+), 4 deletions(-)
> >>
> >> diff --git a/libavfilter/vsrc_mptestsrc.c b/libavfilter/vsrc_mptestsrc.c
> >> index 867cd50..e931c76 100644
> >> --- a/libavfilter/vsrc_mptestsrc.c
> >> +++ b/libavfilter/vsrc_mptestsrc.c
> >> @@ -301,9 +301,10 @@ static int request_frame(AVFilterLink *outlink)
> >> {
> >> MPTestContext *test = outlink->src->priv;
> >> AVFrame *picref;
> >> - int w = WIDTH, h = HEIGHT, ch = h>>test->vsub;
> >> + int w = WIDTH, h = HEIGHT, cw = w>>test->hsub, ch = h>>test->vsub;
> >> unsigned int frame = test->frame_nb;
> >> enum test_type tt = test->test;
> >> + int i;
> >>
> >> if (test->max_pts >= 0 && test->pts > test->max_pts)
> >> return AVERROR_EOF;
> >> @@ -313,9 +314,12 @@ static int request_frame(AVFilterLink *outlink)
> >> picref->pts = test->pts++;
> >>
> >> // clean image
> >> - memset(picref->data[0], 0, picref->linesize[0] * h);
> >> - memset(picref->data[1], 128, picref->linesize[1] * ch);
> >> - memset(picref->data[2], 128, picref->linesize[2] * ch);
> >> + for (i = 0; i < h; i++)
> >> + memset(picref->data[0] + i*picref->linesize[0], 0, w);
> >> + for (i = 0; i < ch; i++) {
> >> + memset(picref->data[1] + i*picref->linesize[1], 128, cw);
> >> + memset(picref->data[2] + i*picref->linesize[2], 128, cw);
> >> + }
> >
> > Ping, will push tomorrow if I see no comments.
>
>
> It should be fine, but adding helpers (like av_copy_plane) would not hurt.
For that you would need a frame to copy, which we don't have right
now (some filling function also may be good, but seems overkill for
this case).
Pushed, thanks.
--
FFmpeg = Fundamental and Fierce Muttering Pitiful Exploitable Geek
More information about the ffmpeg-devel
mailing list