Fix possible crashes in resize and crop filters with high bitdepth input

diff --git a/filters/video/crop.c b/filters/video/crop.c
index a58813b77d3789c44aea1c7c7bd0f5fad4140f9c..98faab741f22ee392a106ec411043ce270b2af0f 100644 (file)
--- a/filters/video/crop.c
+++ b/filters/video/crop.c
@@ -105,8 +105,7 @@ static int get_frame( hnd_t handle, cli_pic_t *output, int frame )
     for( int i = 0; i < output->img.planes; i++ )
     {
         intptr_t offset = output->img.stride[i] * h->dims[1] * h->csp->height[i];
-        offset += h->dims[0] * h->csp->width[i];
-        offset *= x264_cli_csp_depth_factor( output->img.csp );
+        offset += h->dims[0] * h->csp->width[i] * x264_cli_csp_depth_factor( output->img.csp );
         output->img.plane[i] += offset;
     }
     return 0;

diff --git a/filters/video/resize.c b/filters/video/resize.c
index 197a0e385c3f0d42e54f667db5ce9e9196186bd5..1974710555acc9abeb5762b058ec668eb5236f87 100644 (file)
--- a/filters/video/resize.c
+++ b/filters/video/resize.c
@@ -392,7 +392,7 @@ static int check_resizer( resizer_hnd_t *h, cli_pic_t *in )
     h->scale = input_prop;
     if( !h->buffer_allocated )
     {
-        if( x264_cli_pic_alloc( &h->buffer, h->dst_csp, h->dst.width, h->dst.height ) )
+        if( x264_cli_pic_alloc_aligned( &h->buffer, h->dst_csp, h->dst.width, h->dst.height ) )
             return -1;
         h->buffer_allocated = 1;
     }

diff --git a/input/input.c b/input/input.c
index 9c6763d23f1947e4b1ef380b65e50be8d7dc0ccb..5cb277cf000438338f58997f0fc0a73b6d6ad978 100644 (file)
--- a/input/input.c
+++ b/input/input.c
@@ -74,7 +74,7 @@ uint64_t x264_cli_pic_size( int csp, int width, int height )
     return size;
 }
 
-int x264_cli_pic_alloc( cli_pic_t *pic, int csp, int width, int height )
+static int x264_cli_pic_alloc_internal( cli_pic_t *pic, int csp, int width, int height, int align )
 {
     memset( pic, 0, sizeof(cli_pic_t) );
     int csp_mask = csp & X264_CSP_MASK;
@@ -87,15 +87,29 @@ int x264_cli_pic_alloc( cli_pic_t *pic, int csp, int width, int height )
     pic->img.height = height;
     for( int i = 0; i < pic->img.planes; i++ )
     {
-         pic->img.plane[i] = x264_malloc( x264_cli_pic_plane_size( csp, width, height, i ) );
-         if( !pic->img.plane[i] )
-             return -1;
-         pic->img.stride[i] = width * x264_cli_csps[csp_mask].width[i] * x264_cli_csp_depth_factor( csp );
+        int stride = width * x264_cli_csps[csp_mask].width[i];
+        stride *= x264_cli_csp_depth_factor( csp );
+        stride = ALIGN( stride, align );
+        uint64_t size = (uint64_t)(height * x264_cli_csps[csp_mask].height[i]) * stride;
+        pic->img.plane[i] = x264_malloc( size );
+        if( !pic->img.plane[i] )
+            return -1;
+        pic->img.stride[i] = stride;
     }
 
     return 0;
 }
 
+int x264_cli_pic_alloc( cli_pic_t *pic, int csp, int width, int height )
+{
+    return x264_cli_pic_alloc_internal( pic, csp, width, height, 1 );
+}
+
+int x264_cli_pic_alloc_aligned( cli_pic_t *pic, int csp, int width, int height )
+{
+    return x264_cli_pic_alloc_internal( pic, csp, width, height, NATIVE_ALIGN );
+}
+
 void x264_cli_pic_clean( cli_pic_t *pic )
 {
     for( int i = 0; i < pic->img.planes; i++ )

diff --git a/input/input.h b/input/input.h
index 5137be31602a1b1722088e17a0dd6ffbda0b9c5d..a33d22a937b982436c7e5681d11c38cf42409fb8 100644 (file)
--- a/input/input.h
+++ b/input/input.h
@@ -124,6 +124,7 @@ extern const x264_cli_csp_t x264_cli_csps[];
 int      x264_cli_csp_is_invalid( int csp );
 int      x264_cli_csp_depth_factor( int csp );
 int      x264_cli_pic_alloc( cli_pic_t *pic, int csp, int width, int height );
+int      x264_cli_pic_alloc_aligned( cli_pic_t *pic, int csp, int width, int height );
 void     x264_cli_pic_clean( cli_pic_t *pic );
 uint64_t x264_cli_pic_plane_size( int csp, int width, int height, int plane );
 uint64_t x264_cli_pic_size( int csp, int width, int height );