From 0d7a75e848c3119a69962bae5b90492b02053f93 Mon Sep 17 00:00:00 2001 From: Zhao Zhili Date: Wed, 19 Sep 2018 10:55:11 +0800 Subject: avfilter/vf_sr: fix read out of bounds Signed-off-by: Pedro Arthur --- libavfilter/vf_sr.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'libavfilter/vf_sr.c') diff --git a/libavfilter/vf_sr.c b/libavfilter/vf_sr.c index 8a77a1de13..c1ae6c5ff2 100644 --- a/libavfilter/vf_sr.c +++ b/libavfilter/vf_sr.c @@ -227,7 +227,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) 0, sr_context->sws_slice_h, out->data, out->linesize); sws_scale(sr_context->sws_contexts[1], (const uint8_t **)out->data, out->linesize, - 0, out->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize); + 0, out->height, (uint8_t * const*)(&sr_context->input.data), + (const int [4]){sr_context->sws_input_linesize, 0, 0, 0}); } else{ if (sr_context->sws_contexts[0]){ @@ -238,7 +239,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) } sws_scale(sr_context->sws_contexts[1], (const uint8_t **)in->data, in->linesize, - 0, in->height, (uint8_t * const*)(&sr_context->input.data), &sr_context->sws_input_linesize); + 0, in->height, (uint8_t * const*)(&sr_context->input.data), + (const int [4]){sr_context->sws_input_linesize, 0, 0, 0}); } av_frame_free(&in); @@ -248,7 +250,8 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) return AVERROR(EIO); } - sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), &sr_context->sws_output_linesize, + sws_scale(sr_context->sws_contexts[2], (const uint8_t **)(&sr_context->output.data), + (const int[4]){sr_context->sws_output_linesize, 0, 0, 0}, 0, out->height, (uint8_t * const*)out->data, out->linesize); return ff_filter_frame(outlink, out); -- cgit v1.2.3