mirror of
https://git.ffmpeg.org/ffmpeg.git
synced 2025-01-12 02:19:35 +00:00
swscale/utils: Limit filter shifting so as not to read from prior the array
Fixes out of array read Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
fd52d2d3d1
commit
692b22626e
@ -611,14 +611,15 @@ static av_cold int initFilter(int16_t **outFilter, int32_t **filterPos,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ((*filterPos)[i] + filterSize > srcW) {
|
if ((*filterPos)[i] + filterSize > srcW) {
|
||||||
int shift = (*filterPos)[i] + filterSize - srcW;
|
int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0);
|
||||||
|
|
||||||
// move filter coefficients right to compensate for filterPos
|
// move filter coefficients right to compensate for filterPos
|
||||||
for (j = filterSize - 2; j >= 0; j--) {
|
for (j = filterSize - 2; j >= 0; j--) {
|
||||||
int right = FFMIN(j + shift, filterSize - 1);
|
int right = FFMIN(j + shift, filterSize - 1);
|
||||||
filter[i * filterSize + right] += filter[i * filterSize + j];
|
filter[i * filterSize + right] += filter[i * filterSize + j];
|
||||||
filter[i * filterSize + j] = 0;
|
filter[i * filterSize + j] = 0;
|
||||||
}
|
}
|
||||||
(*filterPos)[i]= srcW - filterSize;
|
(*filterPos)[i]-= shift;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user