42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From 09e6840cf7a3ee07a73c3ae88a020bf27ca1a667 Mon Sep 17 00:00:00 2001
|
|
From: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
|
Date: Wed, 13 Mar 2024 02:10:26 +0100
|
|
Subject: [PATCH] avcodec/ppc/vp8dsp_altivec: Fix out-of-bounds access
|
|
|
|
h_subpel_filters_inner[i] and h_subpel_filters_outer[i / 2]
|
|
belong together and the former allows the range 0..6,
|
|
so the latter needs to support 0..3. But it has only three
|
|
elements. Add another one.
|
|
The value for the last element has been guesstimated
|
|
from subpel_filters in libavcodec/vp8dsp.c.
|
|
|
|
This is also intended to fix FATE-failures with UBSan here:
|
|
https://fate.ffmpeg.org/report.cgi?time=20240312011016&slot=ppc-linux-gcc-13.2-ubsan-altivec-qemu
|
|
|
|
Tested-by: Sean McGovern <gseanmcg@gmail.com>
|
|
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@outlook.com>
|
|
---
|
|
libavcodec/ppc/vp8dsp_altivec.c | 3 ++-
|
|
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/libavcodec/ppc/vp8dsp_altivec.c b/libavcodec/ppc/vp8dsp_altivec.c
|
|
index 12dac8b0a8..061914fc38 100644
|
|
--- a/libavcodec/ppc/vp8dsp_altivec.c
|
|
+++ b/libavcodec/ppc/vp8dsp_altivec.c
|
|
@@ -50,11 +50,12 @@ static const vec_s8 h_subpel_filters_inner[7] =
|
|
// for 6tap filters, these are the outer two taps
|
|
// The zeros mask off pixels 4-7 when filtering 0-3
|
|
// and vice-versa
|
|
-static const vec_s8 h_subpel_filters_outer[3] =
|
|
+static const vec_s8 h_subpel_filters_outer[4] =
|
|
{
|
|
REPT4(0, 0, 2, 1),
|
|
REPT4(0, 0, 3, 3),
|
|
REPT4(0, 0, 1, 2),
|
|
+ REPT4(0, 0, 0, 0),
|
|
};
|
|
|
|
#define LOAD_H_SUBPEL_FILTER(i) \
|
|
--
|
|
2.33.0
|