From 252746d052652b48f7bc0652e7c1601b1e997d9c Mon Sep 17 00:00:00 2001 From: Stefano Sabatini Date: Sat, 8 Sep 2012 00:31:41 +0200 Subject: [PATCH] lavu/imgutils: add consistency checks to av_image_copy_plane() Add assertions and abort in case of invalid |dst_linesize| < bytewidth or |src_linesize| < bytewidth. Avoid to silently corrupt memory. --- libavutil/imgutils.c | 3 +++ libavutil/imgutils.h | 3 +++ libavutil/version.h | 2 +- 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libavutil/imgutils.c b/libavutil/imgutils.c index 8595ba1bbf..3060b0705f 100644 --- a/libavutil/imgutils.c +++ b/libavutil/imgutils.c @@ -21,6 +21,7 @@ * misc image utilities */ +#include "avassert.h" #include "common.h" #include "imgutils.h" #include "internal.h" @@ -244,6 +245,8 @@ void av_image_copy_plane(uint8_t *dst, int dst_linesize, { if (!dst || !src) return; + av_assert0(abs(src_linesize) >= bytewidth); + av_assert0(abs(dst_linesize) >= bytewidth); for (;height > 0; height--) { memcpy(dst, src, bytewidth); dst += dst_linesize; diff --git a/libavutil/imgutils.h b/libavutil/imgutils.h index a9317a71e1..ab32d667d3 100644 --- a/libavutil/imgutils.h +++ b/libavutil/imgutils.h @@ -99,6 +99,9 @@ int av_image_alloc(uint8_t *pointers[4], int linesizes[4], * The first byte of each successive line is separated by *_linesize * bytes. * + * bytewidth must be contained by both absolute values of dst_linesize + * and src_linesize, otherwise the function behavior is undefined. + * * @param dst_linesize linesize for the image plane in dst * @param src_linesize linesize for the image plane in src */ diff --git a/libavutil/version.h b/libavutil/version.h index 792086a3ab..9902f0fc3d 100644 --- a/libavutil/version.h +++ b/libavutil/version.h @@ -76,7 +76,7 @@ #define LIBAVUTIL_VERSION_MAJOR 52 #define LIBAVUTIL_VERSION_MINOR 9 -#define LIBAVUTIL_VERSION_MICRO 100 +#define LIBAVUTIL_VERSION_MICRO 101 #define LIBAVUTIL_VERSION_INT AV_VERSION_INT(LIBAVUTIL_VERSION_MAJOR, \ LIBAVUTIL_VERSION_MINOR, \