[FFmpeg-cvslog] avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()

[Michael Niedermayer]

ffmpeg | branch: release/4.4 | Michael Niedermayer <michael at niedermayer.cc> | Fri Feb 19 21:43:45 2021 +0100| [f8fc6416b22abf06a0a624a845c17300aa140c43] | committer: Michael Niedermayer

avfilter/vf_scale: Fix adding 0 to NULL (which is UB) in scale_slice()

Found-by: Jeremy Leconte <jleconte at google.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
(cherry picked from commit 1cf96ce269364e3c2b4ec2097f121ad42b336839)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f8fc6416b22abf06a0a624a845c17300aa140c43
---

 libavfilter/vf_scale.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavfilter/vf_scale.c b/libavfilter/vf_scale.c
index 58eee96744..5ad9334d02 100644
--- a/libavfilter/vf_scale.c
+++ b/libavfilter/vf_scale.c
@@ -635,8 +635,8 @@ static int scale_slice(AVFilterLink *link, AVFrame *out_buf, AVFrame *cur_pic, s
         int vsub= ((i+1)&2) ? scale->vsub : 0;
          in_stride[i] = cur_pic->linesize[i] * mul;
         out_stride[i] = out_buf->linesize[i] * mul;
-         in[i] = cur_pic->data[i] + ((y>>vsub)+field) * cur_pic->linesize[i];
-        out[i] = out_buf->data[i] +            field  * out_buf->linesize[i];
+         in[i] = FF_PTR_ADD(cur_pic->data[i], ((y>>vsub)+field) * cur_pic->linesize[i]);
+        out[i] = FF_PTR_ADD(out_buf->data[i],            field  * out_buf->linesize[i]);
     }
     if (scale->input_is_pal)
          in[1] = cur_pic->data[1];