| From 82ad1b76751bcfad5005440db48c46a4de5d6f02 Mon Sep 17 00:00:00 2001 |
| From: Michael Niedermayer <michael@niedermayer.cc> |
| Date: Sat, 29 May 2021 09:58:31 +0200 |
| Subject: [PATCH] avfilter/vf_vmafmotion: Check dimensions |
| |
| Fixes: out of array access |
| Fixes: Ticket8241 |
| Fixes: Ticket8246 |
| Fixes: CVE-2020-22019 |
| Fixes: CVE-2020-22033 |
| |
| Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> |
| |
| |
| CVE: CVE-2020-22033 |
| CVE: CVE-2020-22019 |
| Upstream-Status: Backport [82ad1b76751bcfad5005440db48c46a4de5d6f02] |
| |
| Signed-off-by: Tony Tascioglu <tony.tascioglu@windriver.com> |
| --- |
| libavfilter/vf_vmafmotion.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| diff --git a/libavfilter/vf_vmafmotion.c b/libavfilter/vf_vmafmotion.c |
| index 2db4783d8d..454ebb8afa 100644 |
| --- a/libavfilter/vf_vmafmotion.c |
| +++ b/libavfilter/vf_vmafmotion.c |
| @@ -238,6 +238,9 @@ int ff_vmafmotion_init(VMAFMotionData *s, |
| int i; |
| const AVPixFmtDescriptor *desc = av_pix_fmt_desc_get(fmt); |
| |
| + if (w < 3 || h < 3) |
| + return AVERROR(EINVAL); |
| + |
| s->width = w; |
| s->height = h; |
| s->stride = FFALIGN(w * sizeof(uint16_t), 32); |
| -- |
| 2.32.0 |
| |