RepoMirrors
/
ffmpeg
mirror of https://git.ffmpeg.org/ffmpeg.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

avcodec/h264: use subsample factors of the used pixel format 

Fixes out of array read
Fixes: 1cb91c36c4e55463f14aacb9bdf55b38-asan_heap-oob_106cbce_5617_cov_11212800_h264_mmx_chroma_intra_lf.mp4
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2014-02-21 23:51:33 +01:00
parent 9aa59a9ce6
commit 8c55ff3933
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/h264.c
View File

@ -5133,6 +5133,7 @@ static int get_consumed_bytes(int pos, int buf_size)
static int output_frame(H264Context *h, AVFrame *dst, Picture *srcp)
{
AVFrame *src = &srcp->f;
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(src->format);
int i;
int ret = av_frame_ref(dst, src);
if (ret < 0)
@ -5143,9 +5144,9 @@ static int output_frame(H264Context *h, AVFrame *dst, Picture *srcp)
if (!srcp->crop)
return 0;
for (i = 0; i < 3; i++) {
int hshift = (i > 0) ? h->chroma_x_shift : 0;
int vshift = (i > 0) ? h->chroma_y_shift : 0;
for (i = 0; i < desc->nb_components; i++) {
int hshift = (i > 0) ? desc->log2_chroma_w : 0;
int vshift = (i > 0) ? desc->log2_chroma_h : 0;
int off = ((srcp->crop_left >> hshift) << h->pixel_shift) +
(srcp->crop_top >> vshift) * dst->linesize[i];
dst->data[i] += off;