File ffmpeg-CVE-2020-22023.patch of Package ffmpeg.32491
From 0b567238741854b41f84f7457686b044eadfe29c Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Fri, 11 Oct 2019 12:42:13 +0200
Subject: [PATCH] avfilter/vf_bitplanenoise: fix overreads
Fixes #8244
---
libavfilter/vf_bitplanenoise.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavfilter/vf_bitplanenoise.c b/libavfilter/vf_bitplanenoise.c
index 4ec3a22572..94aa24abec 100644
--- a/libavfilter/vf_bitplanenoise.c
+++ b/libavfilter/vf_bitplanenoise.c
@@ -122,7 +122,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
if (s->depth <= 8) {
for (plane = 0; plane < s->nb_planes; plane++) {
- const int linesize = in->linesize[plane];
+ const int linesize = s->planeheight[plane] > 1 ? in->linesize[plane] : 0;
const int dlinesize = out->linesize[plane];
uint8_t *val = in->data[plane];
uint8_t *dst = s->filter ? out->data[plane]: NULL;
@@ -151,7 +151,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
}
} else {
for (plane = 0; plane < s->nb_planes; plane++) {
- const int linesize = in->linesize[plane] / 2;
+ const int linesize = s->planeheight[plane] > 1 ? in->linesize[plane] / 2 : 0;
const int dlinesize = out->linesize[plane] / 2;
uint16_t *val = (uint16_t *)in->data[plane];
uint16_t *dst = s->filter ? (uint16_t *)out->data[plane] : NULL;
--
2.31.1