On Wed, Feb 22, 2012 at 04:49:59PM -0800, Ronald S. Bultje wrote:
> From: "Ronald S. Bultje" <[email protected]>
> 
> Fixes crashes for extremely large resizes (several 100-fold).
> 
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> CC: [email protected]
> ---
>  libswscale/x86/swscale_mmx.c |   38 ++++++++++++++++++++++++++++++++++++++
>  1 files changed, 38 insertions(+), 0 deletions(-)
> 
> diff --git a/libswscale/x86/swscale_mmx.c b/libswscale/x86/swscale_mmx.c
> index 764472e..64d5f0f 100644
> --- a/libswscale/x86/swscale_mmx.c
> +++ b/libswscale/x86/swscale_mmx.c
> @@ -117,6 +117,44 @@ void updateMMXDitherTables(SwsContext *c, int dstY, int 
> lumBufIndex, int chrBufI
>          const int16_t **chrUSrcPtr= (const int16_t **) chrUPixBuf + 
> chrBufIndex + firstChrSrcY - lastInChrBuf + vChrBufSize;
>          const int16_t **alpSrcPtr= (CONFIG_SWSCALE_ALPHA && alpPixBuf) ? 
> (const int16_t **) alpPixBuf + lumBufIndex + firstLumSrcY - lastInLumBuf + 
> vLumBufSize : NULL;
>          int i;
> +
> +        if (firstLumSrcY < 0 || firstLumSrcY + vLumFilterSize > c->srcH) {
> +            const int16_t **tmpY = (const int16_t **) lumPixBuf + 2 * 
> vLumBufSize;
> +            int neg = -firstLumSrcY, i, end = FFMIN(c->srcH - firstLumSrcY, 
> vLumFilterSize);
> +            for (i = 0; i < neg;            i++)
> +                tmpY[i] = lumSrcPtr[neg];
> +            for (     ; i < end;            i++)
> +                tmpY[i] = lumSrcPtr[i];
> +            for (     ; i < vLumFilterSize; i++)
> +                tmpY[i] = tmpY[i-1];
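
Review bot: the first loop in the added block, `for (i = 0; i < neg; i++) tmpY[i] = lumSrcPtr[neg];`, is bounded by `neg` alone, so if `firstLumSrcY` is ever below `-vLumFilterSize` it writes more than `vLumFilterSize` entries into `tmpY` and indexes `lumSrcPtr[neg]` beyond the filter window. Likewise, if `firstLumSrcY >= c->srcH`, `end` is zero or negative, the tail loop starts at `i = 0` and reads `tmpY[-1]`. Clamping `neg` with `FFMIN(neg, vLumFilterSize)` and checking `end > 0`, or adding a comment on why the caller guarantees both ranges, would close this. The diffstat lists only this file, so a comment stating that `lumPixBuf` has room for `vLumFilterSize` pointers past `2 * vLumBufSize` would also help. The inner declaration `int neg = -firstLumSrcY, i, end` shadows the `int i;` declared just above it.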

looks okay, though those tails (;i < vXxxFilterSize; i++) can be optimised
since they set the same value
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel