From c4255f08f787ff6a41504b538fa4c2e911d40ec7 Mon Sep 17 00:00:00 2001 From: Camilo Celis Guzman Date: Mon, 18 Apr 2022 18:14:44 +0900 Subject: [PATCH] video-frame: avoid possible out of bound memory access Although the components' initialization code would fill in -1 to all unset components, make the code a bit more defensive and check for an index bound first. Part-of: --- subprojects/gst-plugins-base/gst-libs/gst/video/video-frame.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/subprojects/gst-plugins-base/gst-libs/gst/video/video-frame.c b/subprojects/gst-plugins-base/gst-libs/gst/video/video-frame.c index d920912..a1bfe39 100644 --- a/subprojects/gst-plugins-base/gst-libs/gst/video/video-frame.c +++ b/subprojects/gst-plugins-base/gst-libs/gst/video/video-frame.c @@ -283,7 +283,7 @@ scale_tile_shifts (const GstVideoFormatInfo * finfo, gint plane, guint * ws, guint * hs) { gint comp[GST_VIDEO_MAX_COMPONENTS]; - gint i; + gint i = 1; gst_video_format_info_component (finfo, plane, comp); @@ -294,8 +294,10 @@ scale_tile_shifts (const GstVideoFormatInfo * finfo, gint plane, guint * ws, /* for each additional component in the same plane, double the tile width, * this should provide the appropriate tile size when the tile size varies * base on the subsampling. */ - for (i = 1; comp[i] >= 0; i++) + while (i < GST_VIDEO_MAX_COMPONENTS && comp[i] >= 0) { *ws += 1; + i++; + } } -- 2.7.4