github-mirrors/FFmpeg
1
0
Fork 0
mirror of https://mirror.skon.top/https://github.com/FFmpeg/FFmpeg synced 2026-05-01 06:13:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

lsws: prevent overflow in sws_init_context()

Browse Source 
In the loop:
    for (i=0; i<dstH; i++) {
        int chrI= i*c->chrDstH / dstH;

when i*c->chrDstH > INT_MAX this leads to an integer overflow, which
results in a negative value for chrI and in out-of-buffer reads. The
overflow is avoided by forcing int64_t arithmetic by casting i to
int64_t.

Fix crash, and trac issue #72.

Signed-off-by: Stefano Sabatini <stefano.sabatini-lala@poste.it>
This commit is contained in:
Stefano Sabatini
2011-04-25 01:17:08 +02:00
parent 1d6c82d405
commit bd2a3700c0
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libswscale/utils.c
View File

@@ -1000,7 +1000,7 @@ int sws_init_context(SwsContext *c, SwsFilter *srcFilter, SwsFilter *dstFilter)
c->vLumBufSize= c->vLumFilterSize;
c->vChrBufSize= c->vChrFilterSize;
for (i=0; i<dstH; i++) {
int chrI= i*c->chrDstH / dstH;
int chrI= (int64_t)i*c->chrDstH / dstH;
int nextSlice= FFMAX(c->vLumFilterPos[i ] + c->vLumFilterSize - 1,
((c->vChrFilterPos[chrI] + c->vChrFilterSize - 1)<<c->chrSrcVSubSample));