[FFmpeg-devel] [PATCH] lavfi/smptebars: fix invalid writes

Michael Niedermayer michaelni at gmx.at
Thu Apr 4 21:50:51 CEST 2013 

On Thu, Apr 04, 2013 at 09:02:46PM +0200, Stefano Sabatini wrote:
> On date Thursday 2013-04-04 14:36:52 +0000, Paul B Mahol encoded:
> > Signed-off-by: Paul B Mahol <onemda at gmail.com>
> > ---
> >  libavfilter/vsrc_testsrc.c | 22 +++++++++++-----------
> >  1 file changed, 11 insertions(+), 11 deletions(-)
> > 
> > diff --git a/libavfilter/vsrc_testsrc.c b/libavfilter/vsrc_testsrc.c
> > index 9317f82..5b1cefc 100644
> > --- a/libavfilter/vsrc_testsrc.c
> > +++ b/libavfilter/vsrc_testsrc.c
> > @@ -721,25 +721,25 @@ static void smptebars_fill_picture(AVFilterContext *ctx, AVFrame *picref)
> >      for (i = 0; i < 7; i++) {
> >          DRAW_COLOR(rainbow[i], x, 0,   FFMIN(r_w, test->w - x), r_h);
> >          DRAW_COLOR(wobnair[i], x, r_h, FFMIN(r_w, test->w - x), w_h);
> > -        x += r_w;
> > +        x = FFMIN(test->w, x + r_w);
> >      }
> >      x = 0;
> >      DRAW_COLOR(i_pixel, x, r_h + w_h, p_w, p_h);
> > -    x += p_w;
> > +    x = FFMIN(test->w, x + p_w);
> >      DRAW_COLOR(white, x, r_h + w_h, p_w, p_h);
> > -    x += p_w;
> > +    x = FFMIN(test->w, x + p_w);
> >      DRAW_COLOR(q_pixel, x, r_h + w_h, p_w, p_h);
> > -    x += p_w;
> > +    x = FFMIN(test->w, x + p_w);
> >      tmp = FFALIGN(5 * r_w - x,  1 << pixdesc->log2_chroma_w);
> >      DRAW_COLOR(black, x, r_h + w_h, tmp, p_h);
> > -    x += tmp;
> > +    x = FFMIN(test->w, x + tmp);
> >      tmp = FFALIGN(r_w / 3,  1 << pixdesc->log2_chroma_w);
> > -    DRAW_COLOR(neg4ire, x, r_h + w_h, tmp, p_h);
> > -    x += tmp;
> > -    DRAW_COLOR(black, x, r_h + w_h, tmp, p_h);
> > -    x += tmp;
> > -    DRAW_COLOR(pos4ire, x, r_h + w_h, tmp, p_h);
> > -    x += tmp;
> > +    DRAW_COLOR(neg4ire, x, r_h + w_h, FFMIN(tmp, test->w - x), p_h);
> > +    x = FFMIN(test->w, x + tmp);
> > +    DRAW_COLOR(black, x, r_h + w_h, FFMIN(tmp, test->w - x), p_h);
> > +    x = FFMIN(test->w, x + tmp);
> > +    DRAW_COLOR(pos4ire, x, r_h + w_h, FFMIN(tmp, test->w - x), p_h);
> > +    x = FFMIN(test->w, x + tmp);
> >      DRAW_COLOR(black, x, r_h + w_h, test->w - x, p_h);
> 
> How does this happen?

the width stuff gets rounded up and is then too large i guess

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

It is dangerous to be right in matters on which the established authorities
are wrong. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20130404/02b65293/attachment.asc>

More information about the ffmpeg-devel mailing list