Closed Marsman1996 closed 2 years ago
The overflow is caused by the accessing to the memory buffer without checking the boundary. https://github.com/rockcarry/ffjpeg/blob/0fa4cf8a86d7f23a3e8336343c1895aa634fdc76/src/jfif.c#L550-L552
ffjpeg access yuv_datbuf[1] with offset uy * yuv_stride[1] + ux without checking whether it is over the buffer size https://github.com/rockcarry/ffjpeg/blob/0fa4cf8a86d7f23a3e8336343c1895aa634fdc76/src/jfif.c#L443-L444
yuv_datbuf[1]
uy * yuv_stride[1] + ux
The overflow is caused by the accessing to the memory buffer without checking the boundary. https://github.com/rockcarry/ffjpeg/blob/0fa4cf8a86d7f23a3e8336343c1895aa634fdc76/src/jfif.c#L550-L552
ffjpeg access
yuv_datbuf[1]with offsetuy * yuv_stride[1] + uxwithout checking whether it is over the buffer size https://github.com/rockcarry/ffjpeg/blob/0fa4cf8a86d7f23a3e8336343c1895aa634fdc76/src/jfif.c#L443-L444