[FFmpeg-cvslog] videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations.
ffmpeg | branch: release/2.8 | Ronald S. Bultje| Sat Jan 16 14:44:28 2016 -0500| [62b2b2195b7eac8570ef31b8306916a1a53a537b] | committer: Michael Niedermayer videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations. This can overread (either before start or beyond end) of the buffer in Nx1 (i.e. height=1) images. Fixes mozilla bug 1240080. (cherry picked from commit 0f88b3f82fafd536979993aeaafcb11a22266dbd) Signed-off-by: Michael Niedermayer > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=62b2b2195b7eac8570ef31b8306916a1a53a537b --- libavcodec/x86/videodsp.asm | 21 ++--- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/libavcodec/x86/videodsp.asm b/libavcodec/x86/videodsp.asm index 48f5ac0..a807d3b 100644 --- a/libavcodec/x86/videodsp.asm +++ b/libavcodec/x86/videodsp.asm @@ -193,14 +193,10 @@ hvar_fn movvalb, [srcq+%2-1] %elif (%2-%%off) == 2 movvalw, [srcq+%2-2] -%elifidn %1, body +%else movvalb, [srcq+%2-1] -salvald, 16 +rorvald, 16 movvalw, [srcq+%2-3] -%elifidn %1, bottom -movd mm %+ %%mmx_idx, [srcq+%2-4] -%else ; top -movd mm %+ %%mmx_idx, [srcq+%2-3] %endif %endif ; (%2-%%off) >= 1 %endmacro ; READ_NUM_BYTES @@ -253,18 +249,13 @@ hvar_fn mov [dstq+%2-1], valb %elif (%2-%%off) == 2 mov [dstq+%2-2], valw -%elifidn %1, body -mov [dstq+%2-3], valw -sarvald, 16 -mov [dstq+%2-1], valb %else -movd vald, mm %+ %%mmx_idx -%ifidn %1, bottom -sarvald, 8 -%endif mov [dstq+%2-3], valw -sarvald, 16 +rorvald, 16 mov [dstq+%2-1], valb +%ifnidn %1, body +rorvald, 16 +%endif %endif %endif ; (%2-%%off) >= 1 %endmacro ; WRITE_NUM_BYTES ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
[FFmpeg-cvslog] videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations.
ffmpeg | branch: master | Ronald S. Bultje| Sat Jan 16 14:44:28 2016 -0500| [0f88b3f82fafd536979993aeaafcb11a22266dbd] | committer: Ronald S. Bultje videodsp: fix 1-byte overread in top/bottom READ_NUM_BYTES iterations. This can overread (either before start or beyond end) of the buffer in Nx1 (i.e. height=1) images. Fixes mozilla bug 1240080. > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0f88b3f82fafd536979993aeaafcb11a22266dbd --- libavcodec/x86/videodsp.asm | 21 ++--- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/libavcodec/x86/videodsp.asm b/libavcodec/x86/videodsp.asm index 48f5ac0..a807d3b 100644 --- a/libavcodec/x86/videodsp.asm +++ b/libavcodec/x86/videodsp.asm @@ -193,14 +193,10 @@ hvar_fn movvalb, [srcq+%2-1] %elif (%2-%%off) == 2 movvalw, [srcq+%2-2] -%elifidn %1, body +%else movvalb, [srcq+%2-1] -salvald, 16 +rorvald, 16 movvalw, [srcq+%2-3] -%elifidn %1, bottom -movd mm %+ %%mmx_idx, [srcq+%2-4] -%else ; top -movd mm %+ %%mmx_idx, [srcq+%2-3] %endif %endif ; (%2-%%off) >= 1 %endmacro ; READ_NUM_BYTES @@ -253,18 +249,13 @@ hvar_fn mov [dstq+%2-1], valb %elif (%2-%%off) == 2 mov [dstq+%2-2], valw -%elifidn %1, body -mov [dstq+%2-3], valw -sarvald, 16 -mov [dstq+%2-1], valb %else -movd vald, mm %+ %%mmx_idx -%ifidn %1, bottom -sarvald, 8 -%endif mov [dstq+%2-3], valw -sarvald, 16 +rorvald, 16 mov [dstq+%2-1], valb +%ifnidn %1, body +rorvald, 16 +%endif %endif %endif ; (%2-%%off) >= 1 %endmacro ; WRITE_NUM_BYTES ___ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog