[FFmpeg-cvslog] avcodec/pngenc: Replace memcpy by av_image_copy()

[Michael Niedermayer]

ffmpeg | branch: release/2.8 | Michael Niedermayer <michael at niedermayer.cc> | Fri Jan 15 00:35:57 2016 +0100| [0c5a71fececbfd98e4cf3d3ae4a64660eba8c2b9] | committer: Michael Niedermayer

avcodec/pngenc: Replace memcpy by av_image_copy()

Fixes out of array access
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 7ec9c5ce8a753175244da971fed9f1e25aef7971)

Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0c5a71fececbfd98e4cf3d3ae4a64660eba8c2b9
---

 libavcodec/pngenc.c |    9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c
index f6ad830..ef78d76 100644
--- a/libavcodec/pngenc.c
+++ b/libavcodec/pngenc.c
@@ -747,8 +747,7 @@ static int apng_encode_frame(AVCodecContext *avctx, const AVFrame *pict,
 
             // Do disposal
             if (last_fctl_chunk.dispose_op != APNG_DISPOSE_OP_PREVIOUS) {
-                memcpy(diffFrame->data[0], s->last_frame->data[0],
-                       s->last_frame->linesize[0] * s->last_frame->height);
+                av_frame_copy(diffFrame, s->last_frame);
 
                 if (last_fctl_chunk.dispose_op == APNG_DISPOSE_OP_BACKGROUND) {
                     for (y = last_fctl_chunk.y_offset; y < last_fctl_chunk.y_offset + last_fctl_chunk.height; ++y) {
@@ -760,8 +759,7 @@ static int apng_encode_frame(AVCodecContext *avctx, const AVFrame *pict,
                 if (!s->prev_frame)
                     continue;
 
-                memcpy(diffFrame->data[0], s->prev_frame->data[0],
-                       s->prev_frame->linesize[0] * s->prev_frame->height);
+                av_frame_copy(diffFrame, s->prev_frame);
             }
 
             // Do inverse blending
@@ -923,8 +921,7 @@ static int encode_apng(AVCodecContext *avctx, AVPacket *pkt,
             }
 
             // Do disposal, but not blending
-            memcpy(s->prev_frame->data[0], s->last_frame->data[0],
-                   s->last_frame->linesize[0] * s->last_frame->height);
+            av_frame_copy(s->prev_frame, s->last_frame);
             if (s->last_frame_fctl.dispose_op == APNG_DISPOSE_OP_BACKGROUND) {
                 uint32_t y;
                 uint8_t bpp = (s->bits_per_pixel + 7) >> 3;