avfilter/vf_nnedi: Fix segfault when prescreening is disabled

Since c737f6edce prescreening is
nevertheless run because of a wrong check: "if (s->prescreen > 0)".
s->prescreen is an array of two function pointers that is contained in
the context and comparing it with 0 (i.e. NULL) is actually undefined
behaviour, because NULL and s->prescreen do not point to the same
object (NULL after all never points to any object). Nevertheless both
Clang as well as GCC compile this to code that treat s->prescreen > 0 as
true, leading to segfaults, because the code then tries to access the
-1th member of an array.

This commit fixes the check as well as another such check a few lines
below.

(Found via compiler warnings enabled by -pedantic:
"ordered comparison between pointer and zero is an extension".)

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>
This commit is contained in:
Andreas Rheinhardt 2021-01-24 21:56:36 +01:00
parent 2687070d9b
commit 2bcec40cce
1 changed files with 2 additions and 2 deletions

View File

@ -637,7 +637,7 @@ static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
width, 1, in_scale); width, 1, in_scale);
for (int y = 0; y < slice_end - slice_start; y += 2) { for (int y = 0; y < slice_end - slice_start; y += 2) {
if (s->prescreen > 0) if (s->pscrn > 0)
s->prescreen[s->pscrn > 1](ctx, srcbuf + (y / 2) * srcbuf_stride + 32, s->prescreen[s->pscrn > 1](ctx, srcbuf + (y / 2) * srcbuf_stride + 32,
srcbuf_stride, prescreen_buf, width, srcbuf_stride, prescreen_buf, width,
&s->prescreener[s->pscrn - 1]); &s->prescreener[s->pscrn - 1]);
@ -649,7 +649,7 @@ static int filter_slice(AVFilterContext *ctx, void *arg, int jobnr, int nb_jobs)
prescreen_buf, width, prescreen_buf, width,
&s->coeffs[s->etype][s->nnsparam][s->nsize], s->qual == 2); &s->coeffs[s->etype][s->nnsparam][s->nsize], s->qual == 2);
if (s->prescreen > 0) if (s->pscrn > 0)
interpolation(srcbuf + (y / 2) * srcbuf_stride + 32, interpolation(srcbuf + (y / 2) * srcbuf_stride + 32,
srcbuf_stride, srcbuf_stride,
dstbuf + (y / 2) * dstbuf_stride, dstbuf + (y / 2) * dstbuf_stride,