From: Andreas Rheinhardt
To: ffmpeg-devel@ffmpeg.org
Cc: Andreas Rheinhardt
Date: Fri, 15 Sep 2023 16:47:26 +0200
Subject: [FFmpeg-devel] [PATCH 4/6] avcodec/vp3: Fix undefined pointer arithmetic

When decoding a keyframe, last_frame and golden_frame are not used at all and (at least when starting decoding) are not set at all. But due to code sharing pointer arithmetic on the NULL data-pointers of these frames has nevertheless been performed. This is undefined behaviour and causes e.g.
"runtime error: applying non-zero offset 173440 to null pointer" from UBSan in the vp31, vp4, theora-coeff-level64 and theora-offset FATE-tests. Fix this by reusing the current frame for unavailable frames. Signed-off-by: Andreas Rheinhardt --- libavcodec/vp3.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/libavcodec/vp3.c b/libavcodec/vp3.c index 33c120a58e..5ce1ecfce7 100644 --- a/libavcodec/vp3.c +++ b/libavcodec/vp3.c @@ -2056,6 +2056,14 @@ static void render_slice(Vp3DecodeContext *s, int slice) { int16_t *block = s->block; int motion_x = 0xdeadbeef, motion_y = 0xdeadbeef; + /* When decoding keyframes, the earlier frames may not be available, + * so to avoid using undefined pointer arithmetic on them we just + * use the current frame instead. Nothing is ever read from these + * frames in case of a keyframe. */ + const AVFrame *last_frame = s->last_frame.f->data[0] ? + s->last_frame.f : s->current_frame.f; + const AVFrame *golden_frame = s->golden_frame.f->data[0] ? + s->golden_frame.f : s->current_frame.f; int motion_halfpel_index; int first_pixel; @@ -2065,9 +2073,9 @@ static void render_slice(Vp3DecodeContext *s, int slice) for (int plane = 0; plane < 3; plane++) { uint8_t *output_plane = s->current_frame.f->data[plane] + s->data_offset[plane]; - const uint8_t *last_plane = s->last_frame.f->data[plane] + + const uint8_t *last_plane = last_frame->data[plane] + s->data_offset[plane]; - const uint8_t *golden_plane = s->golden_frame.f->data[plane] + + const uint8_t *golden_plane = golden_frame->data[plane] + s->data_offset[plane]; ptrdiff_t stride = s->current_frame.f->linesize[plane]; int plane_width = s->width >> (plane && s->chroma_x_shift); -- 2.34.1 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
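Review bot: In the first hunk (render_slice(), @@ -2056), the fallback to s->current_frame.f is keyed only on data[0] being NULL, while the comment justifies it with "Nothing is ever read from these frames in case of a keyframe"; nothing in the hunk ties the two together. If a non-keyframe ever reaches this point with an unset last_frame or golden_frame, last_plane/golden_plane would alias the frame being written, and the case would no longer be flagged by UBSan. Whether that case is excluded earlier is not visible in these lines; consider an assert that the fallback is only taken for keyframes, or extend the comment to say where missing references for inter frames are handled.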
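Review bot: In the second hunk (@@ -2065), last_frame->data[plane] and golden_frame->data[plane] are indexed for all three planes, but the choice between the reference frame and the current frame was made on data[0] alone. That holds only if a frame with data[0] set always has planes 1 and 2 allocated as well; stating this in the comment added in the first hunk would make the assumption explicit. As a style point, the new locals last_frame and golden_frame carry the same names as the s->last_frame and s->golden_frame members, which are accessed through .f and are therefore a different type than const AVFrame *; a distinct name for the locals would avoid confusing the two when reading the rest of the function.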