[FFmpeg-devel] [PATCH] libswscale: avoid UB nullptr-with-offset.

Jeremy Leconte jleconte at google.com
Thu Dec 24 06:27:19 EET 2020


Great news that the patch is accepted.
Just updated the author is this version.
Thanks!
---
 libswscale/slice.c            | 12 ++++--------
 libswscale/swscale_unscaled.c |  4 +---
 2 files changed, 5 insertions(+), 11 deletions(-)

diff --git a/libswscale/slice.c b/libswscale/slice.c
index 7849b70f4d..d96db13364 100644
--- a/libswscale/slice.c
+++ b/libswscale/slice.c
@@ -158,14 +158,10 @@ int ff_init_slice_from_src(SwsSlice * s, uint8_t *src[4], int stride[4], int src
                         chrY + chrH,
                         lumY + lumH};
 
-    uint8_t *const src_[4] = {src[0] + (relative ? 0 : start[0]) * stride[0],
-                              src[1] + (relative ? 0 : start[1]) * stride[1],
-                              src[2] + (relative ? 0 : start[2]) * stride[2],
-                              src[3] + (relative ? 0 : start[3]) * stride[3]};
-
     s->width = srcW;
 
-    for (i = 0; i < 4; ++i) {
+    for (i = 0; i < 4 && src[i] != NULL; ++i) {
+        uint8_t *const src_i = src[i] + (relative ? 0 : start[i]) * stride[i];
         int j;
         int first = s->plane[i].sliceY;
         int n = s->plane[i].available_lines;
@@ -175,13 +171,13 @@ int ff_init_slice_from_src(SwsSlice * s, uint8_t *src[4], int stride[4], int src
         if (start[i] >= first && n >= tot_lines) {
             s->plane[i].sliceH = FFMAX(tot_lines, s->plane[i].sliceH);
             for (j = 0; j < lines; j+= 1)
-                s->plane[i].line[start[i] - first + j] = src_[i] +  j * stride[i];
+                s->plane[i].line[start[i] - first + j] = src_i +  j * stride[i];
         } else {
             s->plane[i].sliceY = start[i];
             lines = lines > n ? n : lines;
             s->plane[i].sliceH = lines;
             for (j = 0; j < lines; j+= 1)
-                s->plane[i].line[j] = src_[i] +  j * stride[i];
+                s->plane[i].line[j] = src_i +  j * stride[i];
         }
 
     }
diff --git a/libswscale/swscale_unscaled.c b/libswscale/swscale_unscaled.c
index 563de39696..7e92f3fafc 100644
--- a/libswscale/swscale_unscaled.c
+++ b/libswscale/swscale_unscaled.c
@@ -1805,7 +1805,7 @@ static int planarCopyWrapper(SwsContext *c, const uint8_t *src[],
     const AVPixFmtDescriptor *desc_src = av_pix_fmt_desc_get(c->srcFormat);
     const AVPixFmtDescriptor *desc_dst = av_pix_fmt_desc_get(c->dstFormat);
     int plane, i, j;
-    for (plane = 0; plane < 4; plane++) {
+    for (plane = 0; plane < 4 && dst[plane] != NULL; plane++) {
         int length = (plane == 0 || plane == 3) ? c->srcW  : AV_CEIL_RSHIFT(c->srcW,   c->chrDstHSubSample);
         int y =      (plane == 0 || plane == 3) ? srcSliceY: AV_CEIL_RSHIFT(srcSliceY, c->chrDstVSubSample);
         int height = (plane == 0 || plane == 3) ? srcSliceH: AV_CEIL_RSHIFT(srcSliceH, c->chrDstVSubSample);
@@ -1813,8 +1813,6 @@ static int planarCopyWrapper(SwsContext *c, const uint8_t *src[],
         uint8_t *dstPtr = dst[plane] + dstStride[plane] * y;
         int shiftonly = plane == 1 || plane == 2 || (!c->srcRange && plane == 0);
 
-        if (!dst[plane])
-            continue;
         // ignore palette for GRAY8
         if (plane == 1 && !dst[2]) continue;
         if (!src[plane] || (plane == 1 && !src[2])) {
-- 
2.29.2.729.g45daf8777d-goog



More information about the ffmpeg-devel mailing list