[FFmpeg-devel] [PATCH] libswscale: avoid UB nullptr-with-offset.

Michael Niedermayer michael at niedermayer.cc
Tue Dec 22 01:06:36 EET 2020


On Mon, Dec 21, 2020 at 01:52:08PM +0000, jleconte wrote:
> ---
>  libswscale/slice.c            | 12 +++++-------
>  libswscale/swscale_unscaled.c |  5 +++--
>  2 files changed, 8 insertions(+), 9 deletions(-)
> 
> diff --git a/libswscale/slice.c b/libswscale/slice.c
> index 7849b70f4d..b1cfc0e506 100644
> --- a/libswscale/slice.c
> +++ b/libswscale/slice.c
> @@ -158,14 +158,12 @@ int ff_init_slice_from_src(SwsSlice * s, uint8_t *src[4], int stride[4], int src
>                          chrY + chrH,
>                          lumY + lumH};
>  
> -    uint8_t *const src_[4] = {src[0] + (relative ? 0 : start[0]) * stride[0],
> -                              src[1] + (relative ? 0 : start[1]) * stride[1],
> -                              src[2] + (relative ? 0 : start[2]) * stride[2],
> -                              src[3] + (relative ? 0 : start[3]) * stride[3]};
> -
>      s->width = srcW;
>  
>      for (i = 0; i < 4; ++i) {
> +        if (!src[i])
> +          continue;

indentation


> +        uint8_t *const src_ = src[i] + (relative ? 0 : start[i]) * stride[i];

please call this src_i; it's then clearer what it is


>          int j;
>          int first = s->plane[i].sliceY;
>          int n = s->plane[i].available_lines;
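Review bot: The new `if (!src[i]) continue;` at the top of the loop means the fields assigned further down the body (`s->plane[i].line[]`, `sliceY`, `sliceH`) keep whatever an earlier call stored for that plane, where the old code always rewrote them. Whether every reader of `s->plane[i]` ignores planes that have no source is not visible from this hunk, so it is worth confirming that stale line pointers from a previous slice cannot be picked up. At minimum a comment on the guard would record the intent, for example `/* no data for this plane: s->plane[i] is deliberately left untouched */`. The loop body continues in the next hunk.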
> @@ -175,13 +173,13 @@ int ff_init_slice_from_src(SwsSlice * s, uint8_t *src[4], int stride[4], int src
>          if (start[i] >= first && n >= tot_lines) {
>              s->plane[i].sliceH = FFMAX(tot_lines, s->plane[i].sliceH);
>              for (j = 0; j < lines; j+= 1)
> -                s->plane[i].line[start[i] - first + j] = src_[i] +  j * stride[i];
> +                s->plane[i].line[start[i] - first + j] = src_ +  j * stride[i];
>          } else {
>              s->plane[i].sliceY = start[i];
>              lines = lines > n ? n : lines;
>              s->plane[i].sliceH = lines;
>              for (j = 0; j < lines; j+= 1)
> -                s->plane[i].line[j] = src_[i] +  j * stride[i];
> +                s->plane[i].line[j] = src_ +  j * stride[i];
>          }
>  
>      }
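Review bot: On both changed lines the offset added to `src_` is computed as `j * stride[i]` in `int` (`j` is declared `int` and the parameter is `int stride[4]`), so the multiplication is itself undefined if it overflows, independent of the NULL case this patch addresses. If callers do not already bound the number of lines times the stride, which is not visible here, widening before the multiply keeps the pointer arithmetic well defined: `src_ + j * (ptrdiff_t)stride[i]`. The same applies to `(relative ? 0 : start[i]) * stride[i]` in the previous hunk.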
> diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c
> index 563de39696..39fb7cc87f 100644
> --- a/libswscale/swscale_unscaled.c
> +++ b/libswscale/swscale_unscaled.c
> @@ -1806,6 +1806,9 @@ static int planarCopyWrapper(SwsContext *c, const uint8_t *src[],
>      const AVPixFmtDescriptor *desc_dst = av_pix_fmt_desc_get(c->dstFormat);
>      int plane, i, j;
>      for (plane = 0; plane < 4; plane++) {
> +        if (!dst[plane])
> +            continue;
> +
>          int length = (plane == 0 || plane == 3) ? c->srcW  : AV_CEIL_RSHIFT(c->srcW,   c->chrDstHSubSample);
>          int y =      (plane == 0 || plane == 3) ? srcSliceY: AV_CEIL_RSHIFT(srcSliceY, c->chrDstVSubSample);
>          int height = (plane == 0 || plane == 3) ? srcSliceH: AV_CEIL_RSHIFT(srcSliceH, c->chrDstVSubSample);
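Review bot: The added `if (!dst[plane]) continue;` carries no comment saying which expression it protects, and the offset computation it presumably guards lies outside this hunk. A short comment would keep the guard from being moved below that arithmetic or dropped later, for example `/* skip absent planes before any pointer arithmetic on dst[plane] */`. The loop body continues past the end of the hunk.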

This produces new warnings:
libswscale/swscale_unscaled.c: In function ‘planarCopyWrapper’:
libswscale/swscale_unscaled.c:1812:9: warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]
         int length = (plane == 0 || plane == 3) ? c->srcW  : AV_CEIL_RSHIFT(c->srcW,   c->chrDstHSubSample);
         ^~~


thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I am the wisest man alive, for I know one thing, and that is that I know
nothing. -- Socrates