Calling av_image_fill_arrays() with NULL as src argument may result in UB.
Signed-off-by: James Almer <[email protected]>
---
It will still happen even after this patch because of the current
av_image_get_buffer_size() implementation, but will stop being the case after
the patchset by Brian Kim is applied.
libavcodec/libdav1d.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/libavcodec/libdav1d.c b/libavcodec/libdav1d.c
index bbb3ec1e6c..132d344296 100644
--- a/libavcodec/libdav1d.c
+++ b/libavcodec/libdav1d.c
@@ -66,12 +66,11 @@ static int libdav1d_picture_allocator(Dav1dPicture *p, void
*cookie)
{
Libdav1dContext *dav1d = cookie;
enum AVPixelFormat format = pix_fmt[p->p.layout][p->seq_hdr->hbd];
- int ret, linesize[4], h = FFALIGN(p->p.h, 128);
+ int ret, linesize[4], h = FFALIGN(p->p.h, 128), w = FFALIGN(p->p.w, 128);
uint8_t *aligned_ptr, *data[4];
AVBufferRef *buf;
- ret = av_image_fill_arrays(data, linesize, NULL, format, FFALIGN(p->p.w,
128),
- h, DAV1D_PICTURE_ALIGNMENT);
+ ret = av_image_get_buffer_size(format, w, h, DAV1D_PICTURE_ALIGNMENT);
if (ret < 0)
return ret;
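Review bot: After this hunk, linesize[] and data[] stay uninitialised from their declaration until the av_image_fill_arrays() call in the second hunk, whereas before they were filled at this point. The lines between the two hunks are not shown, so it is worth confirming that none of them reads either array. A comment next to the size query would make the ordering explicit, for example `/* size only; linesize[] and data[] are filled once the buffer is known */`. The function body continues outside the hunk.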
@@ -94,7 +93,8 @@ static int libdav1d_picture_allocator(Dav1dPicture *p, void
*cookie)
// Use the extra DAV1D_PICTURE_ALIGNMENT padding bytes in the buffer to
align it
// if required.
aligned_ptr = (uint8_t *)FFALIGN((uintptr_t)buf->data,
DAV1D_PICTURE_ALIGNMENT);
- ret = av_image_fill_pointers(data, format, h, aligned_ptr, linesize);
+ ret = av_image_fill_arrays(data, linesize, aligned_ptr, format, w, h,
+ DAV1D_PICTURE_ALIGNMENT);
if (ret < 0) {
av_buffer_unref(&buf);
return ret;
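Review bot: The result of av_image_fill_arrays() in this hunk is only tested for failure, so nothing visible ties the plane layout written into data[] to the size of buf. aligned_ptr can sit up to DAV1D_PICTURE_ALIGNMENT - 1 bytes past buf->data, and the code that sizes and obtains buf is outside the hunk, so whether the padding always covers that offset cannot be confirmed from here. A cheap guard before the pointers are handed on would be `if (ret > buf->size - (aligned_ptr - buf->data)) { av_buffer_unref(&buf); return AVERROR_BUG; }`. The function body continues past the end of the hunk.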
--
2.27.0