[FFmpeg-cvslog] videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations.
Ronald S. Bultje
git at videolan.org
Wed Oct 5 04:29:26 EEST 2016
ffmpeg | branch: release/2.8 | Ronald S. Bultje <rsbultje at gmail.com> | Sat Jan 16 14:44:28 2016 -0500| [62b2b2195b7eac8570ef31b8306916a1a53a537b] | committer: Michael Niedermayer
videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations.
This can overread (either before start or beyond end) of the buffer in
Nx1 (i.e. height=1) images.
Fixes mozilla bug 1240080.
(cherry picked from commit 0f88b3f82fafd536979993aeaafcb11a22266dbd)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62b2b2195b7eac8570ef31b8306916a1a53a537b
---
libavcodec/x86/videodsp.asm | 21 ++++++---------------
1 file changed, 6 insertions(+), 15 deletions(-)
diff --git a/libavcodec/x86/videodsp.asm b/libavcodec/x86/videodsp.asm
index 48f5ac0..a807d3b 100644
--- a/libavcodec/x86/videodsp.asm
+++ b/libavcodec/x86/videodsp.asm
@@ -193,14 +193,10 @@ hvar_fn
mov valb, [srcq+%2-1]
%elif (%2-%%off) == 2
mov valw, [srcq+%2-2]
-%elifidn %1, body
+%else
mov valb, [srcq+%2-1]
- sal vald, 16
+ ror vald, 16
mov valw, [srcq+%2-3]
-%elifidn %1, bottom
- movd mm %+ %%mmx_idx, [srcq+%2-4]
-%else ; top
- movd mm %+ %%mmx_idx, [srcq+%2-3]
%endif
%endif ; (%2-%%off) >= 1
%endmacro ; READ_NUM_BYTES
@@ -253,18 +249,13 @@ hvar_fn
mov [dstq+%2-1], valb
%elif (%2-%%off) == 2
mov [dstq+%2-2], valw
-%elifidn %1, body
- mov [dstq+%2-3], valw
- sar vald, 16
- mov [dstq+%2-1], valb
%else
- movd vald, mm %+ %%mmx_idx
-%ifidn %1, bottom
- sar vald, 8
-%endif
mov [dstq+%2-3], valw
- sar vald, 16
+ ror vald, 16
mov [dstq+%2-1], valb
+%ifnidn %1, body
+ ror vald, 16
+%endif
%endif
%endif ; (%2-%%off) >= 1
%endmacro ; WRITE_NUM_BYTES
More information about the ffmpeg-cvslog
mailing list