[MPlayer-dev-eng] [patch] invalid reads in vf_spp & vf_fspp
Jindrich Makovicka
makovick at gmail.com
Wed Nov 1 13:52:19 CET 2006
Hi,
spp & fspp currently allocate and copy a buffer 16 times larger than needed for the
quantizers, which can cause invalid read accesses.
Trivial fix (divide the image height by the height of a macroblock) attached.
--
Jindrich Makovicka
-------------- next part --------------
Index: libmpcodecs/vf_fspp.c
===================================================================
--- libmpcodecs/vf_fspp.c (revision 20577)
+++ libmpcodecs/vf_fspp.c (working copy)
@@ -531,8 +531,8 @@
vf->priv->mpeg2= mpi->qscale_type;
if(mpi->pict_type != 3 && mpi->qscale && !vf->priv->qp){
if(!vf->priv->non_b_qp)
- vf->priv->non_b_qp= malloc(mpi->qstride * mpi->h);
- memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * mpi->h);
+ vf->priv->non_b_qp= malloc(mpi->qstride * (mpi->h >> 4));
+ memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * (mpi->h >> 4));
}
if(vf->priv->log2_count || !(mpi->flags&MP_IMGFLAG_DIRECT)){
char *qp_tab= vf->priv->non_b_qp;
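Review bot: `mpi->h >> 4` rounds down, so for a height that is not a multiple of 16 the last, partial macroblock row is left out of both the malloc and the memcpy size. If the filter later indexes `qp_tab` for that row (the reader is outside this hunk), it would read past the allocation, so the row count should round up: `int qp_rows = (mpi->h + 15) >> 4;`, used in both size expressions. The malloc result is also passed to memcpy unchecked; a guard such as `if(vf->priv->non_b_qp)` around the copy avoids a NULL write on allocation failure. The same two points apply to the identical hunk in libmpcodecs/vf_spp.c. The enclosing function starts and ends outside the hunk.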
Index: libmpcodecs/vf_spp.c
===================================================================
--- libmpcodecs/vf_spp.c (revision 20577)
+++ libmpcodecs/vf_spp.c (working copy)
@@ -477,8 +477,8 @@
vf->priv->mpeg2= mpi->qscale_type;
if(mpi->pict_type != 3 && mpi->qscale && !vf->priv->qp){
if(!vf->priv->non_b_qp)
- vf->priv->non_b_qp= malloc(mpi->qstride * mpi->h);
- memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * mpi->h);
+ vf->priv->non_b_qp= malloc(mpi->qstride * (mpi->h >> 4));
+ memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * (mpi->h >> 4));
}
if(vf->priv->log2_count || !(mpi->flags&MP_IMGFLAG_DIRECT)){
char *qp_tab= vf->priv->non_b_qp;
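Review bot: The buffer is allocated only when `vf->priv->non_b_qp` is still NULL, but the memcpy length is recomputed from `mpi->qstride` and `mpi->h` on every call. If either value can grow between frames (not visible in this hunk), the copy would write past the first-frame allocation. I would store the allocated size in the private struct and reallocate when `mpi->qstride * rows` exceeds it, or at least add a comment such as `/* assumes qstride and h are constant for the lifetime of the filter */`. The vf_fspp.c hunk has the same pattern.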