[FFmpeg-devel] [PATCH 10/10] Add av_image_alloc() and use it in avfilter_default_get_video_buffer().

Michael Niedermayer michaelni
Sun Nov 14 01:02:00 CET 2010 

On Tue, Nov 09, 2010 at 11:55:44PM +0100, Stefano Sabatini wrote:
> On date Saturday 2010-11-06 01:50:35 +0100, Stefano Sabatini encoded:
> > On date Friday 2010-11-05 15:17:41 +0100, Stefano Sabatini encoded:
> > > ---
> > >  libavcore/imgutils.c   |   25 +++++++++++++++++++++++++
> > >  libavcore/imgutils.h   |   11 +++++++++++
> > >  libavfilter/defaults.c |   16 ++--------------
> > >  3 files changed, 38 insertions(+), 14 deletions(-)
> > 
> > Update with some fixes.
> 
> New update + bonus patch.
> 
> BTW I wonder, should we deprecate the avpicture API?
> -- 
> FFmpeg = Frenzy Faithless Merciful Pitiless Extensive Guru

>  libavcore/imgutils.c   |   27 +++++++++++++++++++++++++++
>  libavcore/imgutils.h   |   11 +++++++++++
>  libavfilter/defaults.c |   17 +++--------------
>  3 files changed, 41 insertions(+), 14 deletions(-)
> 9eba9b12a7f2f0d74e973fc4ca94731405c83007  0004-Implement-av_image_alloc-and-use-it-in.patch
> From 7b9fc086117b9f4d7b308f070bd322dfd695b240 Mon Sep 17 00:00:00 2001
> From: Stefano Sabatini <stefano.sabatini-lala at poste.it>
> Date: Sun, 7 Nov 2010 16:51:50 +0100
> Subject: [PATCH 4/9] Implement av_image_alloc() and use it in
>  avfilter_default_get_video_buffer().
> 
> ---
>  libavcore/imgutils.c   |   27 +++++++++++++++++++++++++++
>  libavcore/imgutils.h   |   11 +++++++++++
>  libavfilter/defaults.c |   17 +++--------------
>  3 files changed, 41 insertions(+), 14 deletions(-)
> 
> diff --git a/libavcore/imgutils.c b/libavcore/imgutils.c
> index 554639f..a2c3c7d 100644
> --- a/libavcore/imgutils.c
> +++ b/libavcore/imgutils.c
> @@ -161,6 +161,33 @@ int ff_set_systematic_pal2(uint32_t pal[256], enum PixelFormat pix_fmt)
>      return 0;
>  }
>  
> +int av_image_alloc(uint8_t *pointers[4], int linesizes[4],
> +                   int w, int h, enum PixelFormat pix_fmt, int align)
> +{
> +    int i, ret;
> +    uint8_t *buf;
> +
> +    if ((ret = av_image_fill_linesizes(linesizes, pix_fmt, w)) < 0)
> +        return ret;
> +
> +    for (i = 0; i < 4; i++)
> +        linesizes[i] = FFALIGN(linesizes[i], align);
> +
> +    if ((ret = av_image_fill_pointers(pointers, pix_fmt, h, NULL, linesizes)) < 0)
> +        return ret;

av_image_fill_pointers() does not seem to check w/h being valid and thus may
be exploitable

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I have never wished to cater to the crowd; for what I know they do not
approve, and what they approve I do not know. -- Epicurus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-devel/attachments/20101114/93d5f4ac/attachment.pgp>

More information about the ffmpeg-devel mailing list