[FFmpeg-devel] [PATCH] avcodec/pngenc: fix invalid read in sub filter.

Clément Bœsch u at pkh.me
Sun Feb 23 20:44:53 CET 2014


On Sun, Feb 23, 2014 at 08:32:14PM +0100, Michael Niedermayer wrote:
> On Sun, Feb 23, 2014 at 08:17:08PM +0100, Clément Bœsch wrote:
> > On Sat, Feb 22, 2014 at 10:36:40AM +0100, Michael Niedermayer wrote:
> > > On Fri, Feb 21, 2014 at 02:20:25PM +0100, Clément Bœsch wrote:
> > > > First pixel was computed based on invalid address read, and then
> > > > corrected by the following memcpy. After the commit, it's not computed
> > > > anymore, and memcpy fills the appropriate area.
> > > > 
> > > > Fixes Ticket #3387
> > > > ---
> > > >  libavcodec/pngenc.c | 2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > > 
> > > > diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c
> > > > index bf61be1..7fb511a 100644
> > > > --- a/libavcodec/pngenc.c
> > > > +++ b/libavcodec/pngenc.c
> > > > @@ -123,7 +123,7 @@ static void png_filter_row(DSPContext *dsp, uint8_t *dst, int filter_type,
> > > >          memcpy(dst, src, size);
> > > >          break;
> > > >      case PNG_FILTER_VALUE_SUB:
> > > > -        dsp->diff_bytes(dst, src, src-bpp, size);
> > > > +        dsp->diff_bytes(dst + bpp, src + bpp, src, size - bpp);
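
Review bot: On the added line, `dst + bpp` and `src + bpp` are passed as the first two arguments of `dsp->diff_bytes`, so both pointers are shifted by bpp bytes from the start of the row and lose whatever alignment the row buffers had; the dsputil.h prototype quoted in the reply below marks dst and src1 as align 16. Consider handling the leading unaligned bytes with a plain C loop and calling diff_bytes only from an aligned offset, as in the sub_left_prediction() in huffyuvenc that the reply points to. The first bpp bytes of dst are also not written by this call and depend on the memcpy mentioned in the commit message, which is outside the hunk, so a short comment at this case stating that dependency would help.
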
> > > 
> > > dsputil.h specifies that dst&src1 need 16byte align
> > > void (*diff_bytes)(uint8_t *dst/*align 16*/, const uint8_t *src1/*align 16*/, const uint8_t *src2/*align 1*/,int w);
> > > 
> > > also see sub_left_prediction() in huffyuvenc
> > > 
> > 
> > Mmh. Would the attached patch be more reasonable then?
> 
> LGTM
> 

Fixed a problem with unaligned_w computation and applied.

Thanks.

-- 
Clément B.