From: Michael Niedermayer <mich...@niedermayer.cc>

In case of bitstream errors the deblock filter and slices can access uninitialized top_borders from previous slices which did not fill them as they stopped halfway due to error or were entirely missing
Found-by: Tyson Smith Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> --- libavcodec/h264_slice.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/h264_slice.c b/libavcodec/h264_slice.c index eceda8a..2eaffa5 100644 --- a/libavcodec/h264_slice.c +++ b/libavcodec/h264_slice.c @@ -171,9 +171,9 @@ static int alloc_scratch_buffers(H264SliceContext *sl, int linesize) // (= 21x21 for h264) av_fast_malloc(&sl->edge_emu_buffer, &sl->edge_emu_buffer_allocated, alloc_size * 2 * 21); - av_fast_malloc(&sl->top_borders[0], &sl->top_borders_allocated[0], + av_fast_mallocz(&sl->top_borders[0], &sl->top_borders_allocated[0], h->mb_width * 16 * 3 * sizeof(uint8_t) * 2); - av_fast_malloc(&sl->top_borders[1], &sl->top_borders_allocated[1], + av_fast_mallocz(&sl->top_borders[1], &sl->top_borders_allocated[1], h->mb_width * 16 * 3 * sizeof(uint8_t) * 2); if (!sl->bipred_scratchpad || !sl->edge_emu_buffer || -- 1.7.9.5 _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
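Review bot: the two av_fast_mallocz() calls for sl->top_borders[0] and sl->top_borders[1] zero the buffers only when they are actually (re)allocated. When top_borders_allocated[] is already large enough, the call returns without touching the memory, so after a damaged or missing slice the deblock filter reads border data left over from an earlier slice or frame rather than zeros. That removes the uninitialized read described in the commit message, but the message should say that stale data is the accepted fallback, or the borders should be cleared explicitly on the error path if deterministic output is wanted. The edge_emu_buffer allocation in the unchanged context just above still uses av_fast_malloc(); a one-line remark on why it does not need the same treatment would help anyone reading this hunk later.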