Kieran Kunhya <[email protected]> writes:

> From: Michael Niedermayer <[email protected]>
>
> yadif needs at least 3x3 or it will likely crash with out of array reads
>
> Signed-off-by: Michael Niedermayer <[email protected]>
>
> Conflicts:
>
>       libavfilter/vf_yadif.c
> ---
>  libavfilter/vf_yadif.c |    9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/libavfilter/vf_yadif.c b/libavfilter/vf_yadif.c
> index 372cfab..7a703df 100644
> --- a/libavfilter/vf_yadif.c
> +++ b/libavfilter/vf_yadif.c
> @@ -22,6 +22,7 @@
>  #include "libavutil/cpu.h"
>  #include "libavutil/common.h"
>  #include "libavutil/pixdesc.h"
> +#include "libavutil/avassert.h"
>  #include "avfilter.h"
>  #include "formats.h"
>  #include "internal.h"
> @@ -139,7 +140,6 @@ static void filter(AVFilterContext *ctx, 
> AVFilterBufferRef *dstpic,
>                  int     mrefs =     y ?-refs :  refs;
>  
>                  if(y<=1 || y+2>=h) {
> -                    int j;
>                      uint8_t *tmp = yadif->temp_line + 64 + 2*absrefs;
>                      if(mode<2)
>                          memcpy(tmp+2*mrefs, cur+2*mrefs, w*df);
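
Review bot: dropping `int j;` inside the `if(y<=1 || y+2>=h)` block of filter() is not covered by the commit message, which only describes the 3x3 minimum. The visible context does not show whether `j` is still referenced further down the block, so either move this removal into its own cleanup commit or state in the message why the variable is no longer needed.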

Unrelated

> @@ -220,6 +220,13 @@ static int start_frame(AVFilterLink *link, 
> AVFilterBufferRef *picref)
>      AVFilterContext *ctx = link->dst;
>      YADIFContext *yadif = ctx->priv;
>  
> +    av_assert0(picref);
> +
> +    if (picref->video->h < 3 || picref->video->w < 3) {
> +        av_log(ctx, AV_LOG_ERROR, "Video of less than 3 columns or lines is 
> not supported\n");
> +        return AVERROR(EINVAL);
> +    }
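
Review bot: `av_assert0(picref)` at the top of start_frame() aborts the process on a NULL picref, while the size check right after it returns AVERROR(EINVAL) for input that is merely too small, so the two failure paths are handled inconsistently. If a NULL picref can reach this function, return an error for it as well; if it cannot, the assert (and the new avassert.h include) is not needed for this fix. The commit message says inputs under 3x3 will "likely crash with out of array reads"; naming the read in filter() that goes out of bounds would document why 3 is the right threshold for both `w` and `h`.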

Does this actually do any harm, or does it just read the padding bytes?
Video buffers should always be at least 16x16.

-- 
Måns Rullgård
[email protected]