swscale/utils: Limit filter shifting so as not to read from prior the array

Fixes out of array read Fixes: asan_heap-oob_1fb2f9b_3780_cov_3984375136_usf.mkv Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <michaelni@gmx.at> (cherry picked from commit 692b22626ec9a9585f667c124a186b1a9796e432) Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer <michaelni@gmx.at> 2015-02-05 00:12:08 +0100
committer: Michael Niedermayer <michaelni@gmx.at> 2015-02-05 00:42:51 +0100
commit: 42d9a7010f2d24e93c12c001430186d544eea591 (patch)
tree: 921e445a140d8c3d49b78b0125803855799f1c17
parent: fd6a9fcd427b86c0a249a8cdb33f746f33706725 (diff)
download: ffmpeg-42d9a7010f2d24e93c12c001430186d544eea591.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/libswscale/utils.c b/libswscale/utils.c
index 69ae7d8659..de40bf5c34 100644
--- a/libswscale/utils.c
+++ b/libswscale/utils.c
@@ -571,14 +571,15 @@ static int initFilter(int16_t **outFilter, int32_t **filterPos,
         }
 
         if ((*filterPos)[i] + filterSize > srcW) {
-            int shift = (*filterPos)[i] + filterSize - srcW;
+            int shift = (*filterPos)[i] + FFMIN(filterSize - srcW, 0);
+
             // move filter coefficients right to compensate for filterPos
             for (j = filterSize - 2; j >= 0; j--) {
                 int right = FFMIN(j + shift, filterSize - 1);
                 filter[i * filterSize + right] += filter[i * filterSize + j];
                 filter[i * filterSize + j]      = 0;
             }
-            (*filterPos)[i]= srcW - filterSize;
+            (*filterPos)[i]-= shift;
         }
     }
author	Michael Niedermayer <michaelni@gmx.at>	2015-02-05 00:12:08 +0100
committer	Michael Niedermayer <michaelni@gmx.at>	2015-02-05 00:42:51 +0100
commit	42d9a7010f2d24e93c12c001430186d544eea591 (patch)
tree	921e445a140d8c3d49b78b0125803855799f1c17
parent	fd6a9fcd427b86c0a249a8cdb33f746f33706725 (diff)
download	ffmpeg-42d9a7010f2d24e93c12c001430186d544eea591.tar.gz