ffplay: fix sws_scale possible out of bounds array access

As I used simple RGBA formats for subtitles and for the video texture if avfilter is disabled I kind of assumed that sws_scale won't access data pointers and strides above index 0, but apparently that is not the case. Fixes Coverity CID 1396737, 1396738, 1396739, 1396740. Reviewed-by: Michael Niedermayer <michael@niedermayer.cc> Signed-off-by: Marton Balint <cus@passwd.hu>
author: Marton Balint <cus@passwd.hu> 2016-12-10 14:46:54 +0300
committer: Marton Balint <cus@passwd.hu> 2016-12-11 01:22:11 +0300
commit: 1f3910262e1b9091f597ebbb710b478d40319986 (patch)
tree: 8bcd397d8e1e10a9949b524b3d3365db7dbb567a /ffplay.c
parent: 3703f13333e24540a5ef132e7b2a9c0ded7e4531 (diff)
1 files changed, 8 insertions, 8 deletions
diff --git a/ffplay.c b/ffplay.c
index bb781a2ab5..911fd7f947 100644
--- a/ffplay.c
+++ b/ffplay.c
@@ -883,11 +883,11 @@ static int upload_texture(SDL_Texture *tex, AVFrame *frame, struct SwsContext **
                 frame->width, frame->height, frame->format, frame->width, frame->height,
                 AV_PIX_FMT_BGRA, sws_flags, NULL, NULL, NULL);
             if (*img_convert_ctx != NULL) {
-                uint8_t *pixels;
-                int pitch;
-                if (!SDL_LockTexture(tex, NULL, (void **)&pixels, &pitch)) {
+                uint8_t *pixels[4];
+                int pitch[4];
+                if (!SDL_LockTexture(tex, NULL, (void **)pixels, pitch)) {
                     sws_scale(*img_convert_ctx, (const uint8_t * const *)frame->data, frame->linesize,
-                              0, frame->height, &pixels, &pitch);
+                              0, frame->height, pixels, pitch);
                     SDL_UnlockTexture(tex);
                 }
             } else {
@@ -913,8 +913,8 @@ static void video_image_display(VideoState *is)
 
                 if (vp->pts >= sp->pts + ((float) sp->sub.start_display_time / 1000)) {
                     if (!sp->uploaded) {
-                        uint8_t *pixels;
-                        int pitch;
+                        uint8_t* pixels[4];
+                        int pitch[4];
                         int i;
                         if (!sp->width || !sp->height) {
                             sp->width = vp->width;
@@ -939,9 +939,9 @@ static void video_image_display(VideoState *is)
                                 av_log(NULL, AV_LOG_FATAL, "Cannot initialize the conversion context\n");
                                 return;
                             }
-                            if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)&pixels, &pitch)) {
+                            if (!SDL_LockTexture(is->sub_texture, (SDL_Rect *)sub_rect, (void **)pixels, pitch)) {
                                 sws_scale(is->sub_convert_ctx, (const uint8_t * const *)sub_rect->data, sub_rect->linesize,
-                                          0, sub_rect->h, &pixels, &pitch);
+                                          0, sub_rect->h, pixels, pitch);
                                 SDL_UnlockTexture(is->sub_texture);
                             }
                         }
author	Marton Balint <cus@passwd.hu>	2016-12-10 14:46:54 +0300
committer	Marton Balint <cus@passwd.hu>	2016-12-11 01:22:11 +0300
commit	1f3910262e1b9091f597ebbb710b478d40319986 (patch)
tree	8bcd397d8e1e10a9949b524b3d3365db7dbb567a /ffplay.c
parent	3703f13333e24540a5ef132e7b2a9c0ded7e4531 (diff)