[FFmpeg-devel] [PATCH]Fix invalid memory accesses using the fade filter
Clément Bœsch
u at pkh.me
Mon Feb 23 14:02:42 CET 2015
On Mon, Feb 23, 2015 at 01:59:45PM +0100, Michael Niedermayer wrote:
> On Mon, Feb 23, 2015 at 03:27:54AM +0100, Carl Eugen Hoyos wrote:
> > Hi!
> >
> > Attached patch fixes a crash with the following command line:
> > $ ffmpeg -loop 1 -i fate-suite/lena.pnm -vf format=yuva420p,fade -f null -
> >
> > Please comment, Carl Eugen
>
> > vf_fade.c | 5 ++++-
> > 1 file changed, 4 insertions(+), 1 deletion(-)
> > 31297e0aecbb7ec4637c180ae16254499c628334 patchfade.diff
> > diff --git a/libavfilter/vf_fade.c b/libavfilter/vf_fade.c
> > index 80ce75d..5d012af 100644
> > --- a/libavfilter/vf_fade.c
> > +++ b/libavfilter/vf_fade.c
> > @@ -203,7 +203,10 @@ static int filter_slice_luma(AVFilterContext *ctx, void *arg, int jobnr,
> >
> > for (i = slice_start; i < slice_end; i++) {
> > uint8_t *p = frame->data[0] + i * frame->linesize[0];
> > + int width = av_pix_fmt_desc_get(frame->format)->flags & AV_PIX_FMT_FLAG_PLANAR ?
> > + frame->width :
> > + frame->width * s->bpp;
> > - for (j = 0; j < frame->width * s->bpp; j++) {
> > + for (j = 0; j < width; j++) {
>
> should be ok, alternatively bpp could be renamed and set to 1 for
> planar
>
And moved out of the loop
[...]
--
Clément B.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20150223/15a4cb5f/attachment.asc>
More information about the ffmpeg-devel
mailing list