[MPlayer-dev-eng] [patch] invalid reads in vf_spp & vf_fspp
Michael Niedermayer
michaelni at gmx.at
Wed Nov 1 14:22:23 CET 2006
Hi
On Wed, Nov 01, 2006 at 01:52:19PM +0100, Jindrich Makovicka wrote:
> Hi,
>
> fspp & fspp currently allocate and copy 16 times larger buffer for
> quantizers, which can cause invalid read accesses.
>
> Trivial fix (divide image height by the height of a macroblock) attached.
> --
> Jindrich Makovicka
> Index: libmpcodecs/vf_fspp.c
> ===================================================================
> --- libmpcodecs/vf_fspp.c (revision 20577)
> +++ libmpcodecs/vf_fspp.c (working copy)
> @@ -531,8 +531,8 @@
> vf->priv->mpeg2= mpi->qscale_type;
> if(mpi->pict_type != 3 && mpi->qscale && !vf->priv->qp){
> if(!vf->priv->non_b_qp)
> - vf->priv->non_b_qp= malloc(mpi->qstride * mpi->h);
> - memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * mpi->h);
> + vf->priv->non_b_qp= malloc(mpi->qstride * (mpi->h >> 4));
> + memcpy(vf->priv->non_b_qp, mpi->qscale, mpi->qstride * (mpi->h >> 4));
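Review bot: `mpi->h >> 4` in both added lines rounds down, so when the height is not a multiple of 16 any quantizer row belonging to the bottom partial macroblock row is left out of the allocation and the copy; `(mpi->h + 15) >> 4` would round up instead. The `malloc` result is also passed straight to `memcpy` without a NULL check. Since the size expression appears twice, computing it once into a local would keep the allocation and copy lengths from drifting apart.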
height doesn't need to be a multiple of 16
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
In the past you could go to a library and read, borrow or copy any book
Today you'd get arrested for mere telling someone where the library is