[FFmpeg-devel] [PATCH] avcodec/vc1: fix out of bounds access of overlap filter

James Almer jamrial at gmail.com
Thu Apr 26 18:20:25 EEST 2018


On 4/26/2018 11:49 AM, Jerome Borsboom wrote:
> Overlap filtering of the first row and first column must be guarded
> for out of bounds access of v->over_flags_plane.
> 
> Signed-off-by: Jerome Borsboom <jerome.borsboom at carpalis.nl>
> ---
>  libavcodec/vc1_loopfilter.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/libavcodec/vc1_loopfilter.c b/libavcodec/vc1_loopfilter.c
> index bab28a649f..4c0de7c025 100644
> --- a/libavcodec/vc1_loopfilter.c
> +++ b/libavcodec/vc1_loopfilter.c
> @@ -110,19 +110,19 @@ void ff_vc1_i_overlap_filter(VC1Context *v)
>       * we run the put_pixels loop, i.e. delayed by one row and one column. */
>      for (i = 0; i < block_count; i++)
>          if (v->pq >= 9 || v->condover == CONDOVER_ALL ||
> -            (v->over_flags_plane[mb_pos] && ((i & 5) == 1 || v->over_flags_plane[mb_pos - 1])))
> +            (v->over_flags_plane[mb_pos] && ((i & 5) == 1 || (s->mb_x && v->over_flags_plane[mb_pos - 1]))))
>              vc1_h_overlap_filter(v, s->mb_x ? left_blk : cur_blk, cur_blk, i);
>  
>      if (v->fcm != ILACE_FRAME)
>          for (i = 0; i < block_count; i++) {
>              if (s->mb_x && (v->pq >= 9 || v->condover == CONDOVER_ALL ||
>                  (v->over_flags_plane[mb_pos - 1] &&
> -                 ((i & 2) || v->over_flags_plane[mb_pos - 1 - s->mb_stride]))))
> +                 ((i & 2) || (!s->first_slice_line && v->over_flags_plane[mb_pos - 1 - s->mb_stride])))))
>                  vc1_v_overlap_filter(v, s->first_slice_line ? left_blk : topleft_blk, left_blk, i);
>              if (s->mb_x == s->mb_width - 1)
>                  if (v->pq >= 9 || v->condover == CONDOVER_ALL ||
>                      (v->over_flags_plane[mb_pos] &&
> -                     ((i & 2) || v->over_flags_plane[mb_pos - s->mb_stride])))
> +                     ((i & 2) || (!s->first_slice_line && v->over_flags_plane[mb_pos - s->mb_stride]))))
>                      vc1_v_overlap_filter(v, s->first_slice_line ? cur_blk : top_blk, cur_blk, i);
>          }
>  }
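
Review bot: In the two vertical-filter conditions the `mb_pos - s->mb_stride` reads are guarded with `!s->first_slice_line`, not with a test for the top row of the picture, while the commit message speaks only of the first row and first column. If `first_slice_line` is also set on the first row of a later slice, the flag of the macroblock above is ignored there too, even though the index would be in bounds. That is consistent with the `s->first_slice_line ? left_blk : topleft_blk` and `s->first_slice_line ? cur_blk : top_blk` selections in the calls, so it looks intended, but a short comment next to the guards stating this would help. The same applies to the `s->mb_x &&` guard on `mb_pos - 1` in the horizontal condition. With three nearly identical nested expressions, hoisting the neighbour flags into named locals would also make the bounds reasoning easier to check.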

Can confirm this fixes the Valgrind failures.

Thanks.

