[FFmpeg-devel] [PATCH] libswscale: avoid UB nullptr-with-offset.

Mon Dec 21 15:52:08 EET 2020

---
 libswscale/slice.c            | 12 +++++-------
 libswscale/swscale_unscaled.c |  5 +++--
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/libswscale/slice.c b/libswscale/slice.c
index 7849b70f4d..b1cfc0e506 100644
--- a/libswscale/slice.c
+++ b/libswscale/slice.c
@@ -158,14 +158,12 @@ int ff_init_slice_from_src(SwsSlice * s, uint8_t *src[4], int stride[4], int src
                         chrY + chrH,
                         lumY + lumH};
 
-    uint8_t *const src_[4] = {src[0] + (relative ? 0 : start[0]) * stride[0],
-                              src[1] + (relative ? 0 : start[1]) * stride[1],
-                              src[2] + (relative ? 0 : start[2]) * stride[2],
-                              src[3] + (relative ? 0 : start[3]) * stride[3]};
-
     s->width = srcW;
 
     for (i = 0; i < 4; ++i) {
+        if (!src[i])
+          continue;
+        uint8_t *const src_ = src[i] + (relative ? 0 : start[i]) * stride[i];
         int j;
         int first = s->plane[i].sliceY;
         int n = s->plane[i].available_lines;
@@ -175,13 +173,13 @@ int ff_init_slice_from_src(SwsSlice * s, uint8_t *src[4], int stride[4], int src
         if (start[i] >= first && n >= tot_lines) {
             s->plane[i].sliceH = FFMAX(tot_lines, s->plane[i].sliceH);
             for (j = 0; j < lines; j+= 1)
-                s->plane[i].line[start[i] - first + j] = src_[i] +  j * stride[i];
+                s->plane[i].line[start[i] - first + j] = src_ +  j * stride[i];
         } else {
             s->plane[i].sliceY = start[i];
             lines = lines > n ? n : lines;
             s->plane[i].sliceH = lines;
             for (j = 0; j < lines; j+= 1)
-                s->plane[i].line[j] = src_[i] +  j * stride[i];
+                s->plane[i].line[j] = src_ +  j * stride[i];
         }
 
     }
diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c
index 563de39696..39fb7cc87f 100644
--- a/libswscale/swscale_unscaled.c
+++ b/libswscale/swscale_unscaled.c
@@ -1806,6 +1806,9 @@ static int planarCopyWrapper(SwsContext *c, const uint8_t *src[],
     const AVPixFmtDescriptor *desc_dst = av_pix_fmt_desc_get(c->dstFormat);
     int plane, i, j;
     for (plane = 0; plane < 4; plane++) {
+        if (!dst[plane])
+            continue;
+
         int length = (plane == 0 || plane == 3) ? c->srcW  : AV_CEIL_RSHIFT(c->srcW,   c->chrDstHSubSample);
         int y =      (plane == 0 || plane == 3) ? srcSliceY: AV_CEIL_RSHIFT(srcSliceY, c->chrDstVSubSample);
         int height = (plane == 0 || plane == 3) ? srcSliceH: AV_CEIL_RSHIFT(srcSliceH, c->chrDstVSubSample);
@@ -1813,8 +1816,6 @@ static int planarCopyWrapper(SwsContext *c, const uint8_t *src[],
         uint8_t *dstPtr = dst[plane] + dstStride[plane] * y;
         int shiftonly = plane == 1 || plane == 2 || (!c->srcRange && plane == 0);
 
-        if (!dst[plane])
-            continue;
         // ignore palette for GRAY8
         if (plane == 1 && !dst[2]) continue;
         if (!src[plane] || (plane == 1 && !src[2])) {
-- 
2.29.2.684.gfbc64c5ab5-goog

