[FFmpeg-devel] [PATCH 2/2] avfilter/vf_weave: Fix odd height handling
Michael Niedermayer
michael at niedermayer.cc
Fri Dec 22 13:51:52 EET 2023
Fixes: out of array access
Fixes: tickets/10743/poc10ffmpeg
Found-by: Zeng Yunxiang and Li Zeyuan
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
---
libavfilter/vf_weave.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_weave.c b/libavfilter/vf_weave.c
index 84f3c5f337d..7ad29bdedbe 100644
--- a/libavfilter/vf_weave.c
+++ b/libavfilter/vf_weave.c
@@ -32,6 +32,7 @@ typedef struct WeaveContext {
int double_weave;
int nb_planes;
int planeheight[4];
+ int outheight[4];
int linesize[4];
AVFrame *prev;
@@ -81,6 +82,9 @@ static int config_props_output(AVFilterLink *outlink)
s->planeheight[1] = s->planeheight[2] = AV_CEIL_RSHIFT(inlink->h, desc->log2_chroma_h);
s->planeheight[0] = s->planeheight[3] = inlink->h;
+ s->outheight[1] = s->outheight[2] = AV_CEIL_RSHIFT(2*inlink->h, desc->log2_chroma_h);
+ s->outheight[0] = s->outheight[3] = 2*inlink->h;
+
s->nb_planes = av_pix_fmt_count_planes(inlink->format);
return 0;
@@ -106,19 +110,20 @@ static int weave_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
const int height = s->planeheight[i];
const int start = (height * jobnr) / nb_jobs;
const int end = (height * (jobnr+1)) / nb_jobs;
+ const int compensation = 2*end > s->outheight[i];
av_image_copy_plane(out->data[i] + out->linesize[i] * field1 +
out->linesize[i] * start * 2,
out->linesize[i] * 2,
in->data[i] + start * in->linesize[i],
in->linesize[i],
- s->linesize[i], end - start);
+ s->linesize[i], end - start - compensation * field1);
av_image_copy_plane(out->data[i] + out->linesize[i] * field2 +
out->linesize[i] * start * 2,
out->linesize[i] * 2,
s->prev->data[i] + start * s->prev->linesize[i],
s->prev->linesize[i],
- s->linesize[i], end - start);
+ s->linesize[i], end - start - compensation * field2);
}
return 0;
--
2.17.1
More information about the ffmpeg-devel
mailing list