[FFmpeg-devel] [PATCH] avcodec/vc1: fix out of bounds access of overlap filter
Jerome Borsboom
jerome.borsboom at carpalis.nl
Thu Apr 26 17:49:04 EEST 2018
Overlap filtering of the first row and first column must be guarded
for out of bounds access of v->over_flags_plane.
Signed-off-by: Jerome Borsboom <jerome.borsboom at carpalis.nl>
---
libavcodec/vc1_loopfilter.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libavcodec/vc1_loopfilter.c b/libavcodec/vc1_loopfilter.c
index bab28a649f..4c0de7c025 100644
--- a/libavcodec/vc1_loopfilter.c
+++ b/libavcodec/vc1_loopfilter.c
@@ -110,19 +110,19 @@ void ff_vc1_i_overlap_filter(VC1Context *v)
* we run the put_pixels loop, i.e. delayed by one row and one column. */
for (i = 0; i < block_count; i++)
if (v->pq >= 9 || v->condover == CONDOVER_ALL ||
- (v->over_flags_plane[mb_pos] && ((i & 5) == 1 || v->over_flags_plane[mb_pos - 1])))
+ (v->over_flags_plane[mb_pos] && ((i & 5) == 1 || (s->mb_x && v->over_flags_plane[mb_pos - 1]))))
vc1_h_overlap_filter(v, s->mb_x ? left_blk : cur_blk, cur_blk, i);
if (v->fcm != ILACE_FRAME)
for (i = 0; i < block_count; i++) {
if (s->mb_x && (v->pq >= 9 || v->condover == CONDOVER_ALL ||
(v->over_flags_plane[mb_pos - 1] &&
- ((i & 2) || v->over_flags_plane[mb_pos - 1 - s->mb_stride]))))
+ ((i & 2) || (!s->first_slice_line && v->over_flags_plane[mb_pos - 1 - s->mb_stride])))))
vc1_v_overlap_filter(v, s->first_slice_line ? left_blk : topleft_blk, left_blk, i);
if (s->mb_x == s->mb_width - 1)
if (v->pq >= 9 || v->condover == CONDOVER_ALL ||
(v->over_flags_plane[mb_pos] &&
- ((i & 2) || v->over_flags_plane[mb_pos - s->mb_stride])))
+ ((i & 2) || (!s->first_slice_line && v->over_flags_plane[mb_pos - s->mb_stride]))))
vc1_v_overlap_filter(v, s->first_slice_line ? cur_blk : top_blk, cur_blk, i);
}
}
--
2.13.6
More information about the ffmpeg-devel
mailing list