[FFmpeg-cvslog] avfilter/vf_sr: fix read out of bounds

Zhao Zhili git at videolan.org
Wed Sep 19 19:21:51 EEST 2018


ffmpeg | branch: master | Zhao Zhili <quinkblack at foxmail.com> | Wed Sep 19 10:55:11 2018 +0800| [0d7a75e848c3119a69962bae5b90492b02053f93] | committer: Pedro Arthur

avfilter/vf_sr: fix read out of bounds

Signed-off-by: Pedro Arthur <bygrandao at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0d7a75e848c3119a69962bae5b90492b02053f93
---

 libavfilter/vf_sr.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/libavfilter/vf_sr.c b/libavfilter/vf_sr.c
index 8a77a1de13..c1ae6c5ff2 100644
--- a/libavfilter/vf_sr.c
+++ b/libavfilter/vf_sr.c
@@ -227,7 +227,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
                   0, sr_context->sws_slice_h, out->data, out->linesize);
 
         sws_scale(sr_context->sws_contexts[1], (const uint8_t **)out->data, out->linesize,
-                  0, out->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize);
+                  0, out->height, (uint8_t * const*)(&sr_context->input.data),
+                  (const int [4]){sr_context->sws_input_linesize, 0, 0, 0});
     }
     else{
         if (sr_context->sws_contexts[0]){
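Review bot: The plane-pointer arguments still have the shape this commit fixes for the strides: `(uint8_t * const*)(&sr_context->input.data)` in this hunk and the second, and `(const uint8_t **)(&sr_context->output.data)` in the third, pass the address of one struct member where sws_scale() expects an array of plane pointers. If `data` is a single pointer, as the address-of plus cast suggests (its declaration is not visible here), sws_scale() copies four pointer entries from that address and so reads past the member, just as it did with the lone `int` stride. Build the pointer array the same way as the stride array, e.g. `(uint8_t * const [4]){(uint8_t *)sr_context->input.data, NULL, NULL, NULL}`, with the `const uint8_t * const [4]` equivalent on the output side. A one-line comment at the first call, such as `/* sws_scale() reads four entries from every data/stride array */`, would keep the compound literals from being simplified back later. filter_frame's body starts and ends outside these hunks.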
@@ -238,7 +239,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         }
 
         sws_scale(sr_context->sws_contexts[1], (const uint8_t **)in->data, in->linesize,
-                  0, in->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize);
+                  0, in->height, (uint8_t * const*)(&sr_context->input.data),
+                  (const int [4]){sr_context->sws_input_linesize, 0, 0, 0});
     }
     av_frame_free(&in);
 
@@ -248,7 +250,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         return AVERROR(EIO);
     }
 
-    sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), &sr_context->sws_output_linesize,
+    sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data),
+              (const int[4]){sr_context->sws_output_linesize, 0, 0, 0},
               0, out->height, (uint8_t * const*)out->data, out->linesize);
 
     return ff_filter_frame(outlink, out);


