vp9: don't overread by 4 pixels in ff_vp9_avg4_mmxext().

If the block is at the end of the allocated buffer and there is no padding, this will over-read, which may cause crashes. Reported by Firefox.
3 years ago · 6e13c30a8f
parent d42b410e05
commit 6e13c30a8f
1 changed files with 5 additions and 0 deletions
--- a/libavcodec/x86/vp9mc.asm
+++ b/libavcodec/x86/vp9mc.asm
@ -604,7 +604,12 @@ cglobal vp9_%1%2 %+ %%szsuf, 5, 5, %8, dst, dstride, src, sstride, h
    %%pavg      m0, [dstq]
    %%pavg      m1, [dstq+d%3]
    %%pavg      m2, [dstq+d%4]
+%if %2 == 4
+    %%srcfn     m4, [dstq+d%5]
+    %%pavg      m3, m4
+%else
    %%pavg      m3, [dstq+d%5]
+%endif
 %if %2/mmsize == 8
    %%pavg      m4, [dstq+mmsize*4]
    %%pavg      m5, [dstq+mmsize*5]