ffplay: fix sws_scale possible out of bounds array access

As I used simple RGBA formats for subtitles and for the video texture if avfilter is disabled I kind of assumed that sws_scale won't access data pointers and strides above index 0, but apparently that is not the case. Fixes Coverity CID 1396737, 1396738, 1396739, 1396740. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Marton Balint <cus@passwd.hu>
author: Marton Balint <cus@passwd.hu> 2016-12-10 12:46:54 +0100
committer: Marton Balint <cus@passwd.hu> 2016-12-10 23:24:05 +0100
commit: 47e47cfb0797a2af051b86e8c02fc7479c6845f0 (patch)
tree: fede8541f9ed5e9655f0aef55c609e6b573e675c
parent: 314c425b16aec71b2e8d58ea090a0e0060911833 (diff)
download: ffmpeg-47e47cfb0797a2af051b86e8c02fc7479c6845f0.tar.gz
1 files changed, 8 insertions, 8 deletions
diff --git a/ffplay.c b/ffplay.c
index 79dc76889e..6e30ccf3b9 100644
--- a/ffplay.c
+++ b/ffplay.c
@@ -874,11 +874,11 @@ static int upload_texture(SDL_Texture *tex, AVFrame *frame, struct SwsContext **
                 frame->width, frame->height, frame->format, frame->width, frame->height,
                 AV_PIX_FMT_BGRA, sws_flags, NULL, NULL, NULL);
             if (*img_convert_ctx != NULL) {
-                uint8_t *pixels;
-                int pitch;
-                if (!SDL_LockTexture(tex, NULL, (void **)&pixels, &pitch)) {
+                uint8_t *pixels[4];
+                int pitch[4];
+                if (!SDL_LockTexture(tex, NULL, (void **)pixels, pitch)) {
                     sws_scale(*img_convert_ctx, (const uint8_t * const *)frame->data, frame->linesize,
-                              0, frame->height, &pixels, &pitch);
+                              0, frame->height, pixels, pitch);
                     SDL_UnlockTexture(tex);
                 }
             } else {
@@ -904,8 +904,8 @@ static void video_image_display(VideoState *is)
 
                 if (vp->pts >= sp->pts + ((float) sp->sub.start_display_time / 1000)) {
                     if (!sp->uploaded) {
-                        uint8_t *pixels;
-                        int pitch;
+                        uint8_t* pixels[4];
+                        int pitch[4];
                         int i;
                         if (!sp->width || !sp->height) {
                             sp->width = vp->width;
@@ -930,9 +930,9 @@ static void video_image_display(VideoState *is)
                                 av_log(NULL, AV_LOG_FATAL, "Cannot initialize the conversion context\n");
                                 return;
                             }
-                            if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)&pixels, &pitch)) {
+                            if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)pixels, pitch)) {
                                 sws_scale(is->sub_convert_ctx, (const uint8_t * const *)sub_rect->data, sub_rect->linesize,
-                                          0, sub_rect->h, &pixels, &pitch);
+                                          0, sub_rect->h, pixels, pitch);
                                 SDL_UnlockTexture(is->sub_texture);
                             }
                         }
author	Marton Balint <cus@passwd.hu>	2016-12-10 12:46:54 +0100
committer	Marton Balint <cus@passwd.hu>	2016-12-10 23:24:05 +0100
commit	47e47cfb0797a2af051b86e8c02fc7479c6845f0 (patch)
tree	fede8541f9ed5e9655f0aef55c609e6b573e675c
parent	314c425b16aec71b2e8d58ea090a0e0060911833 (diff)
download	ffmpeg-47e47cfb0797a2af051b86e8c02fc7479c6845f0.tar.gz