[FFmpeg-devel] [PATCH]Fix invalid memory accesses using the fade filter

Carl Eugen Hoyos cehoyos at ag.or.at
Tue Feb 24 11:41:02 CET 2015


On Monday 23 February 2015 02:02:42 pm Clément Bœsch wrote:
> On Mon, Feb 23, 2015 at 01:59:45PM +0100, Michael Niedermayer wrote:
> > On Mon, Feb 23, 2015 at 03:27:54AM +0100, Carl Eugen Hoyos wrote:

> > > +        int width = av_pix_fmt_desc_get(frame->format)->flags &
> > > AV_PIX_FMT_FLAG_PLANAR ? +                    frame->width :
> > > +                    frame->width * s->bpp;
> > > -        for (j = 0; j < frame->width * s->bpp; j++) {
> > > +        for (j = 0; j < width; j++) {
> >
> > should be ok, alternatively bpp could be renamed and set to 1 for
> > planar
>
> And moved out of the loop

New patch attached.

Thank you, Carl Eugen
-------------- next part --------------
diff --git a/libavfilter/vf_fade.c b/libavfilter/vf_fade.c
index 80ce75d..a7597cd 100644
--- a/libavfilter/vf_fade.c
+++ b/libavfilter/vf_fade.c
@@ -138,7 +138,9 @@ static int config_props(AVFilterLink *inlink)
     s->hsub = pixdesc->log2_chroma_w;
     s->vsub = pixdesc->log2_chroma_h;
 
-    s->bpp = av_get_bits_per_pixel(pixdesc) >> 3;
+    s->bpp = pixdesc->flags & AV_PIX_FMT_FLAG_PLANAR ?
+             1 :
+             av_get_bits_per_pixel(pixdesc) >> 3;
     s->alpha &= !!(pixdesc->flags & AV_PIX_FMT_FLAG_ALPHA);
     s->is_packed_rgb = ff_fill_rgba_map(s->rgba_map, inlink->format) >= 0;
 


More information about the ffmpeg-devel mailing list