[FFmpeg-devel] [PATCH] avcodec/rpzaenc: don't use buffer data beyond the end of a row

Tue Aug 13 17:05:29 EEST 2024

Fixes use of uninitized data (masked by the default zeroing of image buffers).

Signed-off-by: James Almer <jamrial at gmail.com>
---
 libavcodec/rpzaenc.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/libavcodec/rpzaenc.c b/libavcodec/rpzaenc.c
index d84555d6c6..3a1924d385 100644
--- a/libavcodec/rpzaenc.c
+++ b/libavcodec/rpzaenc.c
@@ -749,20 +749,24 @@ post_skip :
 
             if (err > s->sixteen_color_thresh) { // DO SIXTEEN COLOR BLOCK
                 const uint16_t *row_ptr;
-                int y_size, rgb555;
+                int y_size, x_size, rgb555;
 
                 block_offset  = get_block_info(&bi, block_counter, 0);
                 pblock_offset = get_block_info(&bi, block_counter, 1);
 
                 row_ptr = &src_pixels[block_offset];
                 y_size = FFMIN(4, bi.image_height - bi.row * 4);
+                x_size = FFMIN(4, bi.image_width  - bi.col * 4);
 
                 for (int y = 0; y < y_size; y++) {
-                    for (int x = 0; x < 4; x++) {
+                    for (int x = 0; x < x_size; x++) {
                         rgb555 = row_ptr[x] & ~0x8000;
 
                         put_bits(&s->pb, 16, rgb555);
                     }
+                    for (int x = x_size; x < 4; x++)
+                        put_bits(&s->pb, 16, 0);
+
                     row_ptr += bi.rowstride;
                 }
 
-- 
2.46.0

