ffplay: fix sws_scale possible out of bounds array access

As I used simple RGBA formats for subtitles and for the video texture if
avfilter is disabled I kind of assumed that sws_scale won't access data
pointers and strides above index 0, but apparently that is not the case.

Fixes Coverity CID 1396737, 1396738, 1396739, 1396740.

Reviewed-by: Michael Niedermayer <michael@niedermayer.cc>
Signed-off-by: Marton Balint <cus@passwd.hu>
This commit is contained in:
Marton Balint 2016-12-10 12:46:54 +01:00
parent 314c425b16
commit 47e47cfb07

View File

@ -874,11 +874,11 @@ static int upload_texture(SDL_Texture *tex, AVFrame *frame, struct SwsContext **
frame->width, frame->height, frame->format, frame->width, frame->height, frame->width, frame->height, frame->format, frame->width, frame->height,
AV_PIX_FMT_BGRA, sws_flags, NULL, NULL, NULL); AV_PIX_FMT_BGRA, sws_flags, NULL, NULL, NULL);
if (*img_convert_ctx != NULL) { if (*img_convert_ctx != NULL) {
uint8_t *pixels; uint8_t *pixels[4];
int pitch; int pitch[4];
if (!SDL_LockTexture(tex, NULL, (void **)&pixels, &pitch)) { if (!SDL_LockTexture(tex, NULL, (void **)pixels, pitch)) {
sws_scale(*img_convert_ctx, (const uint8_t * const *)frame->data, frame->linesize, sws_scale(*img_convert_ctx, (const uint8_t * const *)frame->data, frame->linesize,
0, frame->height, &pixels, &pitch); 0, frame->height, pixels, pitch);
SDL_UnlockTexture(tex); SDL_UnlockTexture(tex);
} }
} else { } else {
@ -904,8 +904,8 @@ static void video_image_display(VideoState *is)
if (vp->pts >= sp->pts + ((float) sp->sub.start_display_time / 1000)) { if (vp->pts >= sp->pts + ((float) sp->sub.start_display_time / 1000)) {
if (!sp->uploaded) { if (!sp->uploaded) {
uint8_t *pixels; uint8_t* pixels[4];
int pitch; int pitch[4];
int i; int i;
if (!sp->width || !sp->height) { if (!sp->width || !sp->height) {
sp->width = vp->width; sp->width = vp->width;
@ -930,9 +930,9 @@ static void video_image_display(VideoState *is)
av_log(NULL, AV_LOG_FATAL, "Cannot initialize the conversion context\n"); av_log(NULL, AV_LOG_FATAL, "Cannot initialize the conversion context\n");
return; return;
} }
if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)&pixels, &pitch)) { if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)pixels, pitch)) {
sws_scale(is->sub_convert_ctx, (const uint8_t * const *)sub_rect->data, sub_rect->linesize, sws_scale(is->sub_convert_ctx, (const uint8_t * const *)sub_rect->data, sub_rect->linesize,
0, sub_rect->h, &pixels, &pitch); 0, sub_rect->h, pixels, pitch);
SDL_UnlockTexture(is->sub_texture); SDL_UnlockTexture(is->sub_texture);
} }
} }