libavfilter/scale2ref: Fix out-of-bounds array access

ff_scale_eval_dimensions blindly assumes that two inputs are always available as of 3385989b. This is notably not the case when the function is called for the scale filter. With the scale filter inputs[1] does not exist. ff_scale_eval_dimensions now has an updated scale2ref check that makes certain two inputs are actually available before attempting to access the second one. Thanks to James Almer for reporting this bug. This should fix the 820 Valgrind tests I single-handedly managed to break. Signed-off-by: N Kevin Mark <kmark937@gmail.com> Signed-off-by: N Michael Niedermayer <michael@niedermayer.cc>

libavfilter/scale2ref: Fix out-of-bounds array access
ff_scale_eval_dimensions blindly assumes that two inputs are always available as of 3385989b. This is notably not the case when the function is called for the scale filter. With the scale filter inputs[1] does not exist. ff_scale_eval_dimensions now has an updated scale2ref check that makes certain two inputs are actually available before attempting to access the second one. Thanks to James Almer for reporting this bug. This should fix the 820 Valgrind tests I single-handedly managed to break. Signed-off-by: N Kevin Mark <kmark937@gmail.com> Signed-off-by: N Michael Niedermayer <michael@niedermayer.cc>
08213e0b · Kevin Mark · Michael Niedermayer · be3809a5 · 08213e0b
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

libavfilter/scale.c libavfilter/scale.c +1 -1

未找到文件。
--- a/libavfilter/scale.c
+++ b/libavfilter/scale.c
@@ -115,7 +115,7 @@ int ff_scale_eval_dimensions(void *log_ctx,
    int factor_w, factor_h;
    int eval_w, eval_h;
    int ret;
-    const char scale2ref = outlink->src->inputs[1] == inlink;
+    const char scale2ref = outlink->src->nb_inputs == 2 && outlink->src->inputs[1] == inlink;
    double var_values[VARS_NB + VARS_S2R_NB], res;
    const AVPixFmtDescriptor *main_desc;
    const AVFilterLink *main_link;