This is an automated email from the git hooks/post-receive script.
Git pushed a commit to branch master
in repository ffmpeg.
The following commit(s) were added to refs/heads/master by this push:
new 0dac41d2e5 avfilter/boxblur: reject pixel formats deeper than 16 bits
0dac41d2e5 is described below
commit 0dac41d2e5e0f4251ed89eedb03a847d5d59ef67
Author: Pavel Kohout <[email protected]>
AuthorDate: Tue Jun 30 21:52:47 2026 +0200
Commit: michaelni <[email protected]>
CommitDate: Thu Jul 2 03:16:42 2026 +0000
avfilter/boxblur: reject pixel formats deeper than 16 bits
Fixes: heap buffer overflow
Fixes: CRufFb6TVikL
Fixes: dee7440531 (vf_boxblur: Templatize blur{8,16})
Found-by: Pavel Kohout (Aisle Research)
Signed-off-by: Michael Niedermayer <[email protected]>
---
libavfilter/vf_boxblur.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libavfilter/vf_boxblur.c b/libavfilter/vf_boxblur.c
index 3cb42471a7..8d9649172a 100644
--- a/libavfilter/vf_boxblur.c
+++ b/libavfilter/vf_boxblur.c
@@ -25,6 +25,7 @@
* Ported from MPlayer libmpcodecs/vf_boxblur.c.
*/
+#include "libavutil/avassert.h"
#include "libavutil/common.h"
#include "libavutil/mem.h"
#include "libavutil/opt.h"
@@ -65,6 +66,7 @@ static int query_formats(const AVFilterContext *ctx,
for (fmt = 0; av_pix_fmt_desc_get(fmt); fmt++) {
const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(fmt);
if (!(desc->flags & (AV_PIX_FMT_FLAG_HWACCEL |
AV_PIX_FMT_FLAG_BITSTREAM | AV_PIX_FMT_FLAG_PAL)) &&
+ desc->comp[0].depth <= 16 &&
(desc->flags & AV_PIX_FMT_FLAG_PLANAR || desc->nb_components == 1)
&&
(!(desc->flags & AV_PIX_FMT_FLAG_BE) == !HAVE_BIGENDIAN ||
desc->comp[0].depth == 8) &&
(ret = ff_add_format(&formats, fmt)) < 0)
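Review bot: The new `desc->comp[0].depth <= 16` condition has no comment tying it to blur(), which only has an 8-bit and a 16-bit implementation. A later edit to this format filter could drop the condition without noticing that it is the primary guard against the heap overflow named in the commit message. I would add above the `if`: `/* blur() only handles 1- and 2-byte samples; deeper formats must never be negotiated */`. The test reads component 0 only, which presumably matches how the filter derives its sample size; that code is outside this hunk and worth confirming. The enclosing `if` statement and query_formats() continue beyond the hunk.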
@@ -163,7 +165,10 @@ static inline void blur(uint8_t *dst, int dst_step, const
uint8_t *src, int src_
int len, int radius, int pixsize)
{
if (pixsize == 1) blur8 (dst, dst_step , src, src_step , len, radius);
- else blur16((uint16_t*)dst, dst_step>>1, (const
uint16_t*)src, src_step>>1, len, radius);
+ else if (pixsize == 2)
+ blur16((uint16_t*)dst, dst_step>>1, (const
uint16_t*)src, src_step>>1, len, radius);
+ else
+ av_assert0(0);
}
static inline void blur_power(uint8_t *dst, int dst_step, const uint8_t *src,
int src_step,
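Review bot: The final `else av_assert0(0);` in blur() turns an unsupported pixsize into a process abort. That stops the out-of-bounds access, but it is still a crash for any application running this filter on untrusted input if the branch is ever reached. With the depth check added to query_formats() it should be unreachable, and that dependency deserves a comment on the line, e.g. `av_assert0(0); /* unreachable: query_formats() rejects depth > 16 */`. If a recoverable failure is preferred, the sample size could be validated once where the filter computes pixsize (not visible in this hunk), returning an error there instead of aborting from the per-line blur path.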