[MPlayer-dev-eng] [patch] invalid reads in vf_spp & vf_fspp

Wed Nov 1 14:22:23 CET 2006

Hi

On Wed, Nov 01, 2006 at 01:52:19PM +0100, Jindrich Makovicka wrote:
> Hi,
> 
> fspp & fspp currently allocate and copy 16 times larger buffer for
> quantizers, which can cause invalid read accesses.
> 
> Trivial fix (divide image height with the height of a macroblock) attached.
> -- 
> Jindrich Makovicka

> Index: libmpcodecs/vf_fspp.c
> ===================================================================
> --- libmpcodecs/vf_fspp.c	(revision 20577)
> +++ libmpcodecs/vf_fspp.c	(working copy)
> @@ -531,8 +531,8 @@
>      vf->priv->mpeg2= mpi->qscale_type;
>      if(mpi->pict_type != 3 && mpi->qscale && !vf->priv->qp){
>  	if(!vf->priv->non_b_qp)
> -	    vf->priv->non_b_qp= malloc(mpi->qstride * mpi->h);
> -	memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * mpi->h);
> +	    vf->priv->non_b_qp= malloc(mpi->qstride * (mpi->h >> 4));
> +	memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * (mpi->h >> 4));

height doesnt need to be a mutiple of 16

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is