[FFmpeg-devel] [PATCH 1/3] avfilter/vf_sr: fix read out of bounds
Zhao Zhili
quinkblack at foxmail.com
Thu Sep 13 11:01:57 EEST 2018
Please drop this one. I have sent a version use const int array.
On 2018年09月13日 15:49, Zhao Zhili wrote:
> ---
> libavfilter/vf_sr.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/libavfilter/vf_sr.c b/libavfilter/vf_sr.c
> index 5ad1baa..26cacde 100644
> --- a/libavfilter/vf_sr.c
> +++ b/libavfilter/vf_sr.c
> @@ -239,7 +239,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
> 0, sr_context->sws_slice_h, out->data, out->linesize);
>
> sws_scale(sr_context->sws_contexts[1], (const uint8_t **)out->data, out->linesize,
> - 0, out->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize);
> + 0, out->height, (uint8_t * const*)(&sr_context->input.data),
> + (int [4]){sr_context->sws_input_linesize, 0, 0, 0});
> break;
> case ESPCN:
> if (sr_context->sws_contexts[0]){
> @@ -250,7 +251,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
> }
>
> sws_scale(sr_context->sws_contexts[1], (const uint8_t **)in->data, in->linesize,
> - 0, in->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize);
> + 0, in->height, (uint8_t * const*)(&sr_context->input.data),
> + (int [4]){sr_context->sws_input_linesize, 0, 0, 0});
> }
> av_frame_free(&in);
>
> @@ -260,7 +262,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
> return AVERROR(EIO);
> }
>
> - sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), &sr_context->sws_output_linesize,
> + sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data),
> + (int [4]){sr_context->sws_output_linesize, 0, 0, 0},
> 0, out->height, (uint8_t * const*)out->data, out->linesize);
>
> return ff_filter_frame(outlink, out);
More information about the ffmpeg-devel
mailing list