WangYongHai / libyuv

Automatically exported from code.google.com/p/libyuv
BSD 3-Clause "New" or "Revised" License

ARGBScale will cause overread. #328

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

Use a bitmap (1154x1536) and scale it to (601, 800).

    //code
    int w = 601;
    int h = 800;

    BYTE* pTagData = new BYTE[w*h*4];
    ARGBScale(pData,width*4,width,height,pTagData,w*4,w,h,kFilterBox);

It will crash in

InterpolateRow_C(uint8* dst_ptr, const uint8* src_ptr,
    ptrdiff_t src_stride,
    int width, int source_y_fraction)

because it uses clip_src_width as width, and clip_src_width > src_stride.

ScaleARGBBilinearDown
InterpolateRow(row, src, src_stride, clip_src_width, yf);

I use InterpolateRow(row, src, src_stride, src_stride, yf); and it works well.
But I am not sure it's right to edit the code.

Thanks for everyone's response.

Original issue reported on code.google.com by istring0...@gmail.com on 28 Apr 2014 at 8:30

GoogleCodeExporter commented 9 years ago
I've seen that before, but thought I fixed it. Are you on the most recent version?

My solution was to limit the clip_src_width to width.

Original comment by fbarch...@google.com on 30 Apr 2014 at 12:28
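
The clamp described in the comment above (limiting clip_src_width to the source width), as an added example that is not libyuv's code and not part of the original thread. It assumes the overshoot comes from rounding the right edge up to a 4-pixel boundary and that rows are tightly packed; `row_bytes`, `overread_bytes` and `blend_rows_checked` are hypothetical helpers.

```c
#include <stddef.h>
#include <stdint.h>

enum { BPP = 4 };  /* bytes per ARGB pixel */

/* Assumed cause of the overshoot: right edge rounded up to a 4-pixel
 * boundary. With clamp != 0, apply the limit described in the thread. */
int row_bytes(int right_px, int src_width_px, int clamp) {
  int px = (right_px + 3) & ~3;
  if (clamp && px > src_width_px) px = src_width_px;
  return px * BPP;
}

/* Bytes read past the end of a tightly packed image (stride == width * BPP)
 * when rows `row` and `row + 1` are blended over width_bytes; 0 if in bounds. */
size_t overread_bytes(int row, int src_w, int src_h, int width_bytes) {
  size_t stride = (size_t)src_w * BPP;
  size_t end = ((size_t)row + 1) * stride + (size_t)width_bytes;
  size_t size = stride * (size_t)src_h;
  return end > size ? end - size : 0;
}

/* Simplified two-row vertical blend (a model, not libyuv's InterpolateRow_C).
 * Refuses to run when the request would leave the source buffer. */
int blend_rows_checked(uint8_t *dst, const uint8_t *img, int src_w,
                       int src_h, int row, int width_bytes, int yf) {
  if (row < 0 || row + 1 >= src_h || width_bytes < 0 ||
      overread_bytes(row, src_w, src_h, width_bytes) != 0)
    return -1;
  const uint8_t *r0 = img + (size_t)row * src_w * BPP;
  const uint8_t *r1 = r0 + (size_t)src_w * BPP;
  for (int i = 0; i < width_bytes; ++i)
    dst[i] = (uint8_t)((r0[i] * (256 - yf) + r1[i] * yf) >> 8);
  return 0;
}

/* Constructed check using the sizes from the report: 1154x1536 source. */
int main(void) {
  int unclamped = row_bytes(1154, 1154, 0);  /* exceeds the 4616-byte row */
  int clamped = row_bytes(1154, 1154, 1);    /* limited to the row width */
  return !(overread_bytes(1534, 1154, 1536, unclamped) == 8 &&
           overread_bytes(1534, 1154, 1536, clamped) == 0);
}
```

Only the last row pair leaves the allocation; on earlier rows the extra bytes fall inside the following row, which is why the fault shows up at the bottom of the image.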

GoogleCodeExporter commented 9 years ago
Yes, I have seen revision 983:
https://webrtc-codereview.appspot.com/10159004/patch/1/4

Thanks a lot.

Original comment by istring0...@gmail.com on 7 May 2014 at 1:35

GoogleCodeExporter commented 9 years ago
So in r983 and greater the overread is fixed?  Okay to close this bug?

Original comment by fbarch...@chromium.org on 13 May 2014 at 12:23

GoogleCodeExporter commented 9 years ago

Original comment by fbarch...@chromium.org on 21 May 2014 at 1:59