[FFmpeg-devel] [PATCH 3/3] vp9: recon: Use emulated edge to prevent buffer overflows

Janne Grunau janne-ffmpeg at jannau.net
Sat Dec 21 13:40:29 EET 2024


On Fri, Dec 20, 2024 at 07:51:08PM +0100, Michael Niedermayer wrote:
> Hi Janne
> 
> On Thu, Dec 19, 2024 at 10:12:23PM +0100, Janne Grunau wrote:
> > The arm/aarch64 horizontal filter reads one additional pixel beyond what
> > the filter uses. This can become an issue if the application does not
> > allocate larger buffers than what's required for the pixel data. If the
> > motion vector points to the bottom right edge of the picture this
> > becomes a read buffer overflow. This triggers segfaults in Firefox for
> > video resolutions which result in a page aligned picture size like
> > 1280x640.
> > Prevent this by using emulated edge in this case.
> > 
> > Fixes: https://bugzilla.mozilla.org/show_bug.cgi?id=1881185
> > Signed-off-by: Janne Grunau <janne-ffmpeg at jannau.net>
> > ---
> >  libavcodec/vp9recon.c | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> 
> patch LGTM
> maybe could have ARCH_... && added to avoid evaluating the extra condition
> when not needed

I didn't do that since I assumed that other asm might do that as well.
I checked the x86 asm which doesn't appear to have the same issue.

I'll send an updated patch.

Janne

resend due to wrong From: address, if a ML admin reads please kill the
duplicate mail in the moderation queue (I've got no notification that
the mail is held though).
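
Added example, not part of the original thread and not FFmpeg's code: the bounds check and edge replication that the quoted commit message describes, written out in C. The 8-tap footprint (3 pixels left, 4 right), the `Window` type, all function names and the 16x8 test plane are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
enum { TAPS_LEFT = 3, TAPS_RIGHT = 4 };        /* assumed 8-tap footprint */
typedef struct { int x0, y0, x1, y1; } Window; /* half-open, hypothetical type */

/* Columns and rows a horizontal pass loads for a bw x bh block at (x, y);
 * overread = pixels the implementation loads past the last tap. */
static Window hfilter_window(int x, int y, int bw, int bh, int overread)
{
    Window r = { x - TAPS_LEFT, y, x + bw + TAPS_RIGHT + overread, y + bh };
    return r;
}

/* 1 if every load stays inside a pic_w x pic_h plane. Conservative: it
 * rejects a right-edge overread on any row, not only on the last one. */
static int window_fits(Window r, int pic_w, int pic_h)
{
    return r.x0 >= 0 && r.y0 >= 0 && r.x1 <= pic_w && r.y1 <= pic_h;
}

/* Copy the window into dst (row length = window width), clamping source
 * coordinates so samples outside the plane repeat the nearest edge pixel. */
static void emulate_edge(uint8_t *dst, const uint8_t *src, ptrdiff_t stride,
                         Window r, int pic_w, int pic_h)
{
    int ww = r.x1 - r.x0;
    for (int y = r.y0; y < r.y1; y++) {
        int sy = y < 0 ? 0 : y >= pic_h ? pic_h - 1 : y;
        for (int x = r.x0; x < r.x1; x++) {
            int sx = x < 0 ? 0 : x >= pic_w ? pic_w - 1 : x;
            dst[(y - r.y0) * ww + (x - r.x0)] = src[sy * stride + sx];
        }
    }
}

/* Constructed case: tight 16x8 plane, 4x4 block at (8, 4) whose taps end at
 * the bottom-right corner. Returns 2*fits(exact) + fits(1 px overread). */
static int demo(uint8_t *scratch)              /* scratch: 12x4 bytes */
{
    static uint8_t pic[16 * 8];
    for (int i = 0; i < 16 * 8; i++) pic[i] = (uint8_t)i;
    Window over = hfilter_window(8, 4, 4, 4, 1);
    int res = 2 * window_fits(hfilter_window(8, 4, 4, 4, 0), 16, 8)
            + window_fits(over, 16, 8);
    if (!window_fits(over, 16, 8))      /* filter reads scratch, not pic */
        emulate_edge(scratch, pic, 16, over, 16, 8);
    return res;
}
int main(void) { uint8_t s[12 * 4]; return demo(s) == 2 ? 0 : 1; }
```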

