Closed rrrapha closed 1 year ago
This patch fixes the MLT/Kdenlive crash on Bézier Curves.
I think the problem is with the size of the position *curve array, because after that we have a loop using steps of 1/c, which can easily go beyond the array length.
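To make the off-by-one described above concrete, here is an added example (not frei0r code, and not part of this PR): it counts how many times a `while (t <= 1) { ...; t += 1/c; }` loop actually runs for a given c, checks whether that exceeds a buffer of c slots, and shows a counted-loop version of the sampling that writes exactly c + 1 points. The `position` struct is a stand-in for frei0r's type, and the point evaluation is a placeholder for `pointOnBezier`, both assumed here.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumed stand-in for frei0r's `position` type: an (x, y) pair. */
typedef struct { double x; double y; } position;

/* Counts the iterations of the original loop shape for a given step count c:
 * t starts at 0 and advances by 1/c while t <= 1. Each iteration writes one
 * curve[] slot, so this is the number of slots the loop needs. */
int bezier_loop_iterations(int c)
{
    double step = 1 / (double)c;
    double t = 0;
    int n = 0;
    while (t <= 1) {
        n++;           /* stands in for curve[pn++] = pointOnBezier(t, p); */
        t += step;     /* repeated addition: rounding error accumulates */
    }
    return n;
}

/* Returns 1 if the loop above would write past a buffer of only c slots
 * (the pre-patch allocation), 0 otherwise. Nothing is actually written. */
int would_overflow_with_c_slots(int c)
{
    return bezier_loop_iterations(c) > c;
}

/* Hardened sampling: a counted loop fixes the sample count at c + 1
 * (t = 0, 1/c, ..., 1) and derives t from the index instead of accumulating,
 * so floating-point drift can never change how many points are written.
 * The point evaluation is a placeholder (straight line), not pointOnBezier. */
position *sample_curve(int c, int *out_count)
{
    if (c < 1) c = 1;
    position *curve = malloc((size_t)(c + 1) * sizeof *curve);
    if (!curve) {
        *out_count = 0;
        return NULL;
    }
    for (int i = 0; i <= c; i++) {
        double t = (double)i / c;
        curve[i].x = t;
        curve[i].y = t;   /* placeholder for pointOnBezier(t, p) */
    }
    *out_count = c + 1;
    return curve;
}

/* Convenience wrapper: how many points sample_curve() produced for c. */
int sample_curve_count(int c)
{
    int n = 0;
    position *curve = sample_curve(c, &n);
    free(curve);
    return n;
}

int main(void)
{
    int cs[] = { 1, 4, 10, 100 };
    for (size_t i = 0; i < sizeof cs / sizeof cs[0]; i++) {
        int c = cs[i];
        printf("c=%d: while-loop writes %d slots (buffer of c: %s), counted loop writes %d\n",
               c, bezier_loop_iterations(c),
               would_overflow_with_c_slots(c) ? "OVERFLOW" : "ok",
               sample_curve_count(c));
    }
    return 0;
}
```

For c = 4 the step is exactly 0.25 and the loop runs five times (t = 0, 0.25, 0.5, 0.75, 1.0), one more than a c-slot buffer holds; for c = 10 ten additions of 0.1 land on 0.9999999999999999, so the loop still runs eleven times. The counted loop needs no reasoning about rounding because its bound and the allocation are the same expression.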
diff --git a/src/filter/curves/curves.c b/src/filter/curves/curves.c
index 7dac2be..f1b9e75 100644
--- a/src/filter/curves/curves.c
+++ b/src/filter/curves/curves.c
@@ -666,7 +666,7 @@ void updateBsplineMap(f0r_instance_t instance)
c = 1;
}
step = 1 / (double)c;
- position *curve = (position *) malloc(c * sizeof(position));
+ position *curve = (position *) malloc((c + 1) * sizeof(position));
while (t <= 1) {
curve[pn++] = pointOnBezier(t, p);
t += step;
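Review bot: the allocation is now c + 1 slots, but the number of writes is still governed by `while (t <= 1)` with `t += step` and `step = 1 / (double)c`, so it depends on floating-point rounding rather than on c. With exact arithmetic the loop runs c + 1 times (t = 0, 1/c, ..., 1) and c + 1 slots is just enough; if accumulated rounding instead pushes t past 1 after c additions, the loop stops one iteration early and the last slot is never written. A counted loop, e.g. `for (pn = 0; pn <= c; pn++) curve[pn] = pointOnBezier(pn * step, p);`, writes exactly c + 1 points regardless of rounding and makes the loop bound and the allocation size agree by construction. The `malloc` result is also dereferenced without a NULL check.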
@j-b-m Yes, I think you are right. I have force-pushed this change.
@jaromil Any feedback on this? It would be great to fix #156 since it prevents us from using the latest Frei0r version in Kdenlive. Thanks
@j-b-m sure, planning to re-run in address-sanitizer within this week
The solution is to improve update with a detection of correct initialization, which happens only when a parameter is changed. Will commit my fix to this PR.
Not sure if this resolves #156. At least it prevents a segfault in kdenlive for me.