diff options
| author | Michael Niedermayer <michael@niedermayer.cc> | 2016-01-15 00:35:57 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michael@niedermayer.cc> | 2016-01-15 12:30:41 +0100 |
| commit | 0c5a71fececbfd98e4cf3d3ae4a64660eba8c2b9 (patch) | |
| tree | c742184738f0f6451ce96a80d0b6ecc23ba80af3 | |
| parent | 07da25548f79356b75713c1ded3290eebec75d1c (diff) | |
| download | ffmpeg-0c5a71fececbfd98e4cf3d3ae4a64660eba8c2b9.tar.gz | |
avcodec/pngenc: Replace memcpy by av_image_copy()
Fixes out of array access
Fixes: 0cf176e6d3ab9fe924f39738e513f547/asan_generic_4a54aa_3431_aaa28be1cb32e307a9890cad06f84fba.avi
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit 7ec9c5ce8a753175244da971fed9f1e25aef7971)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
| -rw-r--r-- | libavcodec/pngenc.c | 9 |
1 files changed, 3 insertions, 6 deletions
diff --git a/libavcodec/pngenc.c b/libavcodec/pngenc.c index f6ad830cd9..ef78d76cc8 100644 --- a/libavcodec/pngenc.c +++ b/libavcodec/pngenc.c @@ -747,8 +747,7 @@ static int apng_encode_frame(AVCodecContext *avctx, const AVFrame *pict, // Do disposal if (last_fctl_chunk.dispose_op != APNG_DISPOSE_OP_PREVIOUS) { - memcpy(diffFrame->data[0], s->last_frame->data[0], - s->last_frame->linesize[0] * s->last_frame->height); + av_frame_copy(diffFrame, s->last_frame); if (last_fctl_chunk.dispose_op == APNG_DISPOSE_OP_BACKGROUND) { for (y = last_fctl_chunk.y_offset; y < last_fctl_chunk.y_offset + last_fctl_chunk.height; ++y) { @@ -760,8 +759,7 @@ static int apng_encode_frame(AVCodecContext *avctx, const AVFrame *pict, if (!s->prev_frame) continue; - memcpy(diffFrame->data[0], s->prev_frame->data[0], - s->prev_frame->linesize[0] * s->prev_frame->height); + av_frame_copy(diffFrame, s->prev_frame); } // Do inverse blending @@ -923,8 +921,7 @@ static int encode_apng(AVCodecContext *avctx, AVPacket *pkt, } // Do disposal, but not blending - memcpy(s->prev_frame->data[0], s->last_frame->data[0], - s->last_frame->linesize[0] * s->last_frame->height); + av_frame_copy(s->prev_frame, s->last_frame); if (s->last_frame_fctl.dispose_op == APNG_DISPOSE_OP_BACKGROUND) { uint32_t y; uint8_t bpp = (s->bits_per_pixel + 7) >> 3; |