[FFmpeg-devel] [PATCH] avcodec/pngenc: fix invalid read in sub filter.

Clément Bœsch u at pkh.me
Fri Feb 21 14:20:25 CET 2014


First pixel was computed based on invalid address read, and then
corrected by the following memcpy. After the commit, it's not computed
anymore, and memcpy fills the appropriate area.

Fixes Ticket #3387
---
 libavcodec/pngenc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c
index bf61be1..7fb511a 100644
--- a/libavcodec/pngenc.c
+++ b/libavcodec/pngenc.c
@@ -123,7 +123,7 @@ static void png_filter_row(DSPContext *dsp, uint8_t *dst, int filter_type,
         memcpy(dst, src, size);
         break;
     case PNG_FILTER_VALUE_SUB:
-        dsp->diff_bytes(dst, src, src-bpp, size);
+        dsp->diff_bytes(dst + bpp, src + bpp, src, size - bpp);
         memcpy(dst, src, bpp);
         break;
     case PNG_FILTER_VALUE_UP:
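Review bot: The rewritten diff_bytes call in the PNG_FILTER_VALUE_SUB case passes `size - bpp` as its length, and nothing in the visible context shows that size >= bpp is guaranteed on entry. If a row could ever be shorter than one pixel, that length goes negative and the following `memcpy(dst, src, bpp)` would also run past the row. I would state the invariant explicitly, for example with `av_assert0(size >= bpp);` at the top of the case, or with a comment pointing at where the caller guarantees it. A one-line comment that the first bpp bytes have no left neighbour and are therefore stored unfiltered would also help. Moving the memcpy ahead of the diff_bytes call would make the code read in buffer order, since the two no longer overlap.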
-- 
1.9.0


