[FFmpeg-cvslog] avcodec/mjpegdec: use the correct linesize in the flipping code

Michael Niedermayer git at videolan.org
Fri Jan 31 22:50:31 CET 2014


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Fri Jan 31 20:59:57 2014 +0100| [19b41f86457d945e98c236f67faf59d560861a4c] | committer: Michael Niedermayer

avcodec/mjpegdec: use the correct linesize in the flipping code

Fixes out of array access
No releases should be affected
Depends on 7c3700cd1d8683966b21fffbf02e326d0bd14e06, do not backport without this one

Fixes: asan_heap-oob_14a37fe_9111_cov_1692584941_test4.amv
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=19b41f86457d945e98c236f67faf59d560861a4c
---

 libavcodec/mjpegdec.c |    6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libavcodec/mjpegdec.c b/libavcodec/mjpegdec.c
index 464b1d8..0ed9c0a 100644
--- a/libavcodec/mjpegdec.c
+++ b/libavcodec/mjpegdec.c
@@ -2052,12 +2052,12 @@ the_end:
                 h = FF_CEIL_RSHIFT(h, vshift);
             }
             if(dst){
-                uint8_t *dst2 = dst + s->linesize[index]*(h-1);
+                uint8_t *dst2 = dst + s->picture_ptr->linesize[index]*(h-1);
                 for (i=0; i<h/2; i++) {
                     for (j=0; j<w; j++)
                         FFSWAP(int, dst[j], dst2[j]);
-                    dst  += s->linesize[index];
-                    dst2 -= s->linesize[index];
+                    dst  += s->picture_ptr->linesize[index];
+                    dst2 -= s->picture_ptr->linesize[index];
                 }
             }
         }
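Review bot: the stride is read from `s->picture_ptr->linesize[index]` separately in all three changed lines (the `dst2` initialiser and the two per-row steps); reading it once into a local before the `if(dst)` body, e.g. `const int linesize = s->picture_ptr->linesize[index];`, would tie the start offset and both steps to one value, so a later edit cannot switch just one of them back to `s->linesize[index]`. A one-line comment saying the flip must walk the output frame's stride rather than the decoder context's would document why the two differ. Two smaller points on the unchanged context: `FFSWAP(int, dst[j], dst2[j])` swaps `uint8_t` elements through an `int` temporary, where `uint8_t` would match the buffer type, and nothing in the visible lines bounds `w` against the stride now in use, so it is worth confirming that check exists earlier in the function.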


