From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 68C394B7DE for ; Fri, 14 Jun 2024 08:40:39 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 1360F68D5E8; Fri, 14 Jun 2024 11:40:37 +0300 (EEST) Received: from relay9-d.mail.gandi.net (relay9-d.mail.gandi.net [217.70.183.199]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 9A97C68D5CC for ; Fri, 14 Jun 2024 11:40:30 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id B2838FF806 for ; Fri, 14 Jun 2024 08:40:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1718354429; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=1zMtJmNcx6iGB6mnBecXFw32N8it00dqEWO4Qz+O3EY=; b=IxZiA25/u+iZ8c29kkbOguw9XNTh81uk3Fm7ME552MSpdEr1ZUwuewU0cklx79/FXbb9g6 JdTKsk+W2QAlbFJEq570CqsQgodaDfql7/9yjTo30aesPV9OfWhVqTP7W8NUrEElxYu3yj kySF0vygYP7pYPWYE2OHCjboO8IcKEwHGCei7RXENbOWOsIO4GzC8iLbtmN3gukkwuHy9+ soFeJkUqxOh442USCpYvoROufHWZ+rbhIsL4PL5SdyOsn35EUBQOxHm8ZxPOGvpUTn03n6 PyRVxMh9i0woZAcAY+S0R6PcN8hOhs+6a37SOXhJP9sRHO6fTP0K2UCxMZq9HQ== From: Michael Niedermayer To: FFmpeg development discussions and patches Date: Fri, 14 Jun 2024 10:40:27 +0200 Message-ID: <20240614084028.442499-1-michael@niedermayer.cc> X-Mailer: git-send-email 2.45.2 MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [PATCH 1/2] avfilter/vf_deshake_opencl: Use AV_VIDEO_MAX_PLANES X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Fixes: CID1452758 Out-of-bounds read (actual out of bounds access depends on a frame with more than 3 planes) Sponsored-by: Sovereign Tech Fund Signed-off-by: Michael Niedermayer --- libavfilter/vf_deshake_opencl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libavfilter/vf_deshake_opencl.c b/libavfilter/vf_deshake_opencl.c index e49c808a8e2..96e21a069f2 100644 --- a/libavfilter/vf_deshake_opencl.c +++ b/libavfilter/vf_deshake_opencl.c @@ -1387,8 +1387,8 @@ static int filter_frame(AVFilterLink *link, AVFrame *input_frame) size_t global_work[2]; int64_t duration; cl_mem src, transformed, dst; - cl_mem transforms[3]; - CropInfo crops[3]; + cl_mem transforms[AV_VIDEO_MAX_PLANES]; + CropInfo crops[AV_VIDEO_MAX_PLANES]; cl_event transform_event, crop_upscale_event; DebugMatches debug_matches; cl_int num_model_matches; @@ -1518,7 +1518,7 @@ static int filter_frame(AVFilterLink *link, AVFrame *input_frame) transforms[0] = deshake_ctx->transform_y; transforms[1] = transforms[2] = deshake_ctx->transform_uv; - for (int p = 0; p < FF_ARRAY_ELEMS(transformed_frame->data); p++) { + for (int p = 0; p < AV_VIDEO_MAX_PLANES; p++) { // Transform all of the planes appropriately src = (cl_mem)input_frame->data[p]; transformed = (cl_mem)transformed_frame->data[p]; @@ -1619,7 +1619,7 @@ static int filter_frame(AVFilterLink *link, AVFrame *input_frame) crops[0] = deshake_ctx->crop_y; crops[1] = crops[2] = deshake_ctx->crop_uv; - for (int p = 0; p < FF_ARRAY_ELEMS(cropped_frame->data); p++) { + for (int p = 0; p < AV_VIDEO_MAX_PLANES; p++) { // Crop all of the planes appropriately dst = (cl_mem)cropped_frame->data[p]; transformed = (cl_mem)transformed_frame->data[p]; -- 2.45.2 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".