On Thu, Oct 10, 2019 at 01:38:32PM +0200, Tomas Härdin wrote: > tor 2019-10-10 klockan 11:47 +0200 skrev Andreas Rheinhardt: > > zmbvenc allocates a buffer for a picture with padding on all four sides: > > The stride is choosen so large that it already contains padding on the > > right; the height also includes padding rows. The padding on the right > > of each row is also reused as padding for the left of the next row. So > > one still needs to add padding on the left for the first row. This is done > > by offsetting the actual pointer used to access the picture from the > > pointer returned by av_mallocz and the formula for this offset was > > wrong, because it ignored that a pixel can take more than one byte when > > calculating the offset resulting from the left padding of the first row. > > > > This fixes accesses outside of the allocated buffer that were reported > > in tickets #7980 and #7994. No writes were ever attempted outside of > > the buffer. > > > > Signed-off-by: Andreas Rheinhardt <andreas.rheinha...@gmail.com> > > --- > > libavcodec/zmbvenc.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/libavcodec/zmbvenc.c b/libavcodec/zmbvenc.c > > index 0e22ce687f..319381dd48 100644 > > --- a/libavcodec/zmbvenc.c > > +++ b/libavcodec/zmbvenc.c > > @@ -409,7 +409,7 @@ static av_cold int encode_init(AVCodecContext *avctx) > > */ > > c->pstride = FFALIGN((avctx->width + c->lrange) * c->bypp, 16); > > prev_size = FFALIGN(c->lrange * c->bypp, 16) + c->pstride * (c->lrange > > + avctx->height + c->urange); > > - prev_offset = FFALIGN(c->lrange, 16) + c->pstride * c->lrange; > > + prev_offset = FFALIGN(c->lrange * c->bypp, 16) + c->pstride * > > c->lrange; > > if (!(c->prev_buf = av_mallocz(prev_size))) { > > av_log(avctx, AV_LOG_ERROR, "Can't allocate picture.\n"); > > return AVERROR(ENOMEM); > > Looks OK.
will apply thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The real ebay dictionary, page 1 "Used only once" - "Some unspecified defect prevented a second use" "In good condition" - "Can be repaird by experienced expert" "As is" - "You wouldnt want it even if you were payed for it, if you knew ..."
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".