From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id 497514EE5C for ; Tue, 17 Feb 2026 22:22:48 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'3wur+AbYYRBI0EnnSRGqOtvHFWhIBSKOm29seI0Dpxc=', expected b'GaJ47E5HRYkIuAhpcDhBY5Cq/NuQaDYvUJhUNW1p/1E=')) header.d=gmail.com header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1771366958; h=mime-version : references : in-reply-to : date : message-id : to : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=FdpL/pbfjr5a6Hqwl6OyxH41MRbjRVXPUQjsb1dKGtk=; b=fWYisg1+OolMXYw0GEeqvwCwmJGlOr1a5ajFxyYstdwcO68Y+ZaFtB8iZp21qB25N89Nf UwtctsiECjSX1vb/kJbJMf2NseY6e2Zps/EXC95ulI4iS+wTX4ox4BIKBDCz2sWY1Mmp+Ub q5xJlyLFyII1oOfO+qKyJxWQulR+k8HM0IJP05QnwiQ4JZCh/R3QQSmmdGefqG9BoEVY7Fy yfE1lS9vTPrBk99o+HKQW/gg8bEEcEMnSJeD9m4/gGHo9etOc64ZsccyJ7dOJcwpiFNh4at 2HTd4cXP7vdf8bCI6W/7ZBCS4osOum5Rqc9RxTeZtJull/ZAZLknPbPd6Y7w== Received: from [172.18.0.3] (unknown [172.18.0.3]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 252C9691204; Wed, 18 Feb 2026 00:22:38 +0200 (EET) ARC-Seal: i=2; cv=pass; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1771366945; b=adJBpBHx0Uwn6H5FyqlHxTKGARU+sQD0V3ItQ520KiO2OIeMCmO7UbjjrVMWMGDZqBuEj U6e3rLDhO0JRMe2eDsWXuploYA4yDZaMnHw2R79vywdG/2HPrxx7opqrVFu5B7KCwXiXw2O k+2TpLZMeJ/N8nR9aPcvqB+6H8Xv8xA2ujFZwjK1OVokYWtb6kqavgEOXFodT+BuM5MnO95 p6qe0Q6qApMz5Lu9NB8ikYjwt6dzvccnoQmnIuwfAnNoqnxMWBAJKHGdn1uYV8zy/hV+ZEz FO4R6t6A9Ix8sE/W+X7LK/18cCvTsOb0VOobokP+I9vUoJjIGQ52lDFMxH3w== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1771366945; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=3wur+AbYYRBI0EnnSRGqOtvHFWhIBSKOm29seI0Dpxc=; b=FPFD4SVpFCAFwhStkbKbUjv8SDwbF/bnEo9bbBvqQ95OlPUc7JlRDJrC3lg/dcgvNDtqV qeIGDxN1DVuX0rShM1gFy/ElVrCc/vEgnYWhocjuGrV8DhKh7EguVPTKs6Nb1FCk08lmH+g m5ZRxogh/zKcJaKyMd82Oc38YaWA5BbaWegThF6FzmGoDLi0JIlx+DgtAutceJDcoNHHfMT 94UyAqiwy5r5LkBCfmzhJM5FechcVmbnc3BIBHl6Kd2ig698bOTNJSOV/ijQaoaf4IF34EC LxytaFKQ4unQjBAh3y0GYN1cMD9TJtElL58eyk5TsavCGSOwpj/iX83v0p5A== ARC-Authentication-Results: i=2; ffmpeg.org; dkim=pass header.d=gmail.com; arc=pass; dmarc=pass header.from=gmail.com policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=gmail.com; arc=pass; dmarc=pass (Used From Domain Record) header.from=gmail.com policy.dmarc=quarantine Received: from mail-lf1-f48.google.com (mail-lf1-f48.google.com [209.85.167.48]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 0F205691147 for ; Wed, 18 Feb 2026 00:22:12 +0200 (EET) Received: by mail-lf1-f48.google.com with SMTP id 2adb3069b0e04-59de0b7c28aso4894779e87.1 for ; Tue, 17 Feb 2026 14:22:12 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1771366930; cv=none; d=google.com; s=arc-20240605; b=B0Xs07Gp2+eW3yL7CU2K36uJB+VBbPLA/zSDYqbNGfseUGgSmwvyOoCJiobmSWaOfr r8XlYo2Ylaj9qmeLzu/Ile7YZ1YvIF76Yt3L8MoX3J/2aEr4eaC4dGDy+twVQPYm7wAo qHzqu9RFKULpuWbDzOcEkol6be3Hp7Cp5DNna7vrHdDMYjPSYSzE0GWc3ftHjbvlHZo3 wndz742KAPrOl5640GXeGeodpZ7FCzoYHMBkuJs9l/QUYFHS04zsVKK6G2pMmS8MTVN+ DbjuHMhVYru5ykJ3mok1+ZWTwdjRrnB8J7XenWbcPNM/yQOCF+dczgCoBy5r2mF3+tuF z1WQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=GaJ47E5HRYkIuAhpcDhBY5Cq/NuQaDYvUJhUNW1p/1E=; fh=90LRYKtJMxB+SYy/aB1OOW1FRQNV6cng6L/cv0ENh3E=; b=Qky7PYMDYovmh8pt5G6G37tsaG8FeyRpPzZlvFDxfRhCPSd2o58zGMHK8sUSAz3aZz FiMhp2il55Gt30s7amn04hq0/rdMB4lzkrPhRYb8r7rhcwCPvZ/nc3ODfh4ZzSzwbP4z fGa4k5lASQUohZa28jpBGfSL1z1SlkQPNXKvR9bDpP9mC+OlPIMq8h6PI6FQir9CuNYF XNMHGqFG6RBnLhee/IUS7BuO941iVY27TooC1GEI43Qm/4DAWtng7Nhw3y8hdMe9fnZN Z3cZWLKYoDThT6m4vUl55TLDSOt4z1ANKa6mmo6efhYcU9ipAbY79A3FS9p3VbONXGyy xtWA==; darn=ffmpeg.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1771366930; x=1771971730; darn=ffmpeg.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=GaJ47E5HRYkIuAhpcDhBY5Cq/NuQaDYvUJhUNW1p/1E=; b=PDNQ2gabiOjyv5NEzXQBWHmyFn5qJltK3p2YDgKM02iYC0xVIhyNZYSR6nsS9StPEE cT84PzrC+Caod8KJCxUshtlwWx70a9h5YunOiqvbAcAeA/BTl+0Y/3CBfNjqScr1acWf 6RSbxde0iJisw+MnfzV+FNlRnSmE3G0vi9oYXf2KpcCSo+0/AQJM1whGXyJx+cOKgEvi P2zEQA5zt3vP365LsqFmq/SU1IQQUee9s2eszprY39jTpCMCKcYxnNzM7lTLXJ0Jivr4 XxDF5C2caPG06LmaJYudw/Qr1Ufe9WWpLAFex3XFkxx3aJT/QnH92onuMZuPsRw2jlXG pDlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1771366930; x=1771971730; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=GaJ47E5HRYkIuAhpcDhBY5Cq/NuQaDYvUJhUNW1p/1E=; b=idWx5JL06p99gSKuDiEatKnNTcEWfauDplyg63tKtwg2tzENr9RYIMBhwUkH6atp1w r/lbRTTQtmtcYRRLpbRc/tcAjsjaaNRHuCTNl57z63AVIMWxk7XwM5aY7WuC61new1KZ EfKiXYxExis/jJgA0nXRlhYaIdXkX1L7NGftK608G8dKoXZRBgXRxbVnoisD4qZYEWd3 VnONYX5fQBgqddfmTxNwxgziSLQFJLSY8qlfcXObKgGulXjt8dBeAwQ60fBoE7y/JtIE hztY9S+HHTIAuHwIM6KuNRNp0itJpdV/erDEmkxPOJ8dU1GDneubpHB6C8DQZGezqwiS MYiw== X-Gm-Message-State: AOJu0YxC5aANvrZzmBvY8po0NfSBobIFxvfuYUvasNgyScGkR41Fbifg 7UeA+xgclp1CObqRd7NwmdLKwJQGlQgg/Xk0LMEZdGuRVkYyGZ+E/cEcmyDxneCc7M5gZy44wrQ 4GAxvYofOnmeQMgutDfrnPoxtk8ugbXwfHQ== X-Gm-Gg: AZuq6aIazc8nJUPvvQuo6gAjhzEtd/ClC8sMKsoFdKUi1+BWX/rfrAMHvRTlAglYqAK e8puBPK3i9dALXkWnYvnclAfGKbaJvKReQTVv16y+aVHhrR5RD5wYyapj3xs3wxrUq6zKeE4rc4 49WT7NLn8mYCnw2PNyrLVWFeFoq1N0O8bYksX6818bccEahmH4MoyVpReTbbhFqEj+WLbcLGK/X 3rZEtv2YQcO9IOW2rt01D6HyOVuNc77A3VK2Fo/63kRSnovXDM38e4knH8c8bh5ZRBrbRFRloBf GVoqsUnQfXrlYR50M6AS4f4/RAH0hqrNHKjrrNI9 X-Received: by 2002:a05:6512:a92:b0:59e:5056:9897 with SMTP id 2adb3069b0e04-59f69c31934mr5596166e87.17.1771366930008; Tue, 17 Feb 2026 14:22:10 -0800 (PST) MIME-Version: 1.0 References: <176930996009.25.1425027762134729195@4457048688e7> In-Reply-To: <176930996009.25.1425027762134729195@4457048688e7> Date: Tue, 17 Feb 2026 23:21:58 +0100 X-Gm-Features: AaiRm51lZjGnIJY0MgBLe4psPsLnCCGzRDjuezTs2DzHdDRatSW5qvkuK5G5hHM Message-ID: To: FFmpeg development discussions and patches Message-ID-Hash: Y463H2BA5GTZRXYYRQSOW5IUJ2NDNZEB X-Message-ID-Hash: Y463H2BA5GTZRXYYRQSOW5IUJ2NDNZEB X-MailFrom: SRS0=hvjW=AV=gmail.com=tmundt75@ffmpeg.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Content-Filtered-By: Mailman/MimeDel 3.3.10 X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] Re: [PR] lavf/bwdif: fix heap-buffer-overflow with small height videos (PR #21574) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Thomas Mundt via ffmpeg-devel Cc: Jun Zhao , Thomas Mundt Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: Jun Zhao via ffmpeg-devel schrieb am So., 25. Jan. 2026, 03:59: > PR #21574 opened by Jun Zhao (mypopydev) > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21574 > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21574.patch > > Reproduce: > ffmpeg -i /tmp/bwdif_test_input_160x4_gray16.jpg -vf "bwdif" -f null - > > filter_intra accesses rows 3 lines away via cur[mrefs3] and cur[prefs3]. > For small height videos (h <= 4), this causes heap-buffer-overflow. > Consolidate boundary checks before filter_intra. Fall back to filter_edge > for edge cases (y < 4 or y + 5 > td->h), avoiding duplicate filter_edge > calls for both YADIF_FIELD_END and normal paths. > > Test file: 160x4 gray16 JPEG > https://code.ffmpeg.org/attachments/db2ace24-bc00-4af6-a53a-5df6b0d51b15 > > fix #21570 > > Signed-off-by: Jun Zhao > > > >From 2fb2658515f7fb0d47ca4710f2ebd672934497c0 Mon Sep 17 00:00:00 2001 > From: Jun Zhao > Date: Sun, 25 Jan 2026 10:31:48 +0800 > Subject: [PATCH] lavf/bwdif: fix heap-buffer-overflow with small height > videos > > Reproduce: > ffmpeg -i /tmp/bwdif_test_input_160x4_gray16.jpg -vf "bwdif" -f null - > > filter_intra accesses rows 3 lines away via cur[mrefs3] and cur[prefs3]. > For small height videos (h <= 4), this causes heap-buffer-overflow. > Consolidate boundary checks before filter_intra. Fall back to filter_edge > for edge cases (y < 4 or y + 5 > td->h), avoiding duplicate filter_edge > calls for both YADIF_FIELD_END and normal paths. > > Test file: 160x4 gray16 JPEG > https://code.ffmpeg.org/attachments/db2ace24-bc00-4af6-a53a-5df6b0d51b15 > > fix #21570 > > Signed-off-by: Jun Zhao > --- > libavfilter/vf_bwdif.c | 16 +++++++++------- > 1 file changed, 9 insertions(+), 7 deletions(-) > > diff --git a/libavfilter/vf_bwdif.c b/libavfilter/vf_bwdif.c > index d49f3f66d6..4780b98508 100644 > --- a/libavfilter/vf_bwdif.c > +++ b/libavfilter/vf_bwdif.c > @@ -76,19 +76,21 @@ static int filter_slice(AVFilterContext *ctx, void > *arg, int jobnr, int nb_jobs) > uint8_t *cur = &yadif->cur ->data[td->plane][y * linesize]; > uint8_t *next = &yadif->next->data[td->plane][y * linesize]; > uint8_t *dst = &td->frame->data[td->plane][y * > td->frame->linesize[td->plane]]; > - if (yadif->current_field == YADIF_FIELD_END) { > - s->dsp.filter_intra(dst, cur, td->w, (y + df) < td->h ? > refs : -refs, > - y > (df - 1) ? -refs : refs, > - (y + 3*df) < td->h ? 3 * refs : -refs, > - y > (3*df - 1) ? -3 * refs : refs, > - td->parity ^ td->tff, clip_max); > - } else if ((y < 4) || ((y + 5) > td->h)) { > + int is_edge = (y < 4) || ((y + 5) > td->h); > + > + if (is_edge) { > s->dsp.filter_edge(dst, prev, cur, next, td->w, > (y + df) < td->h ? refs : -refs, > y > (df - 1) ? -refs : refs, > refs << 1, -(refs << 1), > td->parity ^ td->tff, clip_max, > (y < 2) || ((y + 3) > td->h) ? 0 : 1); > + } else if (yadif->current_field == YADIF_FIELD_END) { > + s->dsp.filter_intra(dst, cur, td->w, (y + df) < td->h ? > refs : -refs, > + y > (df - 1) ? -refs : refs, > + (y + 3*df) < td->h ? 3 * refs : -refs, > + y > (3*df - 1) ? -3 * refs : refs, > + td->parity ^ td->tff, clip_max); > } else if (s->dsp.filter_line3 && y + 2 < slice_end && y + 6 > < td->h) { > s->dsp.filter_line3(dst, td->frame->linesize[td->plane], > prev, cur, next, linesize, td->w, > -- > 2.52.0 > > > LGTM. Thanks, Thomas _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org