Commit e71ca21f authored by Michael Niedermayer's avatar Michael Niedermayer

avcodec/motion_est_template: Fix undefined behavior in small_diamond_search()

Fixes: asan_heap-oob_394322e_138_cov_4265020547_CVPCMNL1_SVA_C.264

Found-by: Samuel Groß, Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent ae55fc82
...@@ -426,8 +426,8 @@ static av_always_inline int small_diamond_search(MpegEncContext * s, int *best, ...@@ -426,8 +426,8 @@ static av_always_inline int small_diamond_search(MpegEncContext * s, int *best,
chroma_cmpf = s->mecc.me_cmp[size + 1]; chroma_cmpf = s->mecc.me_cmp[size + 1];
{ /* ensure that the best point is in the MAP as h/qpel refinement needs it */ { /* ensure that the best point is in the MAP as h/qpel refinement needs it */
const unsigned key = (best[1]<<ME_MAP_MV_BITS) + best[0] + map_generation; const unsigned key = ((unsigned)best[1]<<ME_MAP_MV_BITS) + best[0] + map_generation;
const int index= ((best[1]<<ME_MAP_SHIFT) + best[0])&(ME_MAP_SIZE-1); const int index= (((unsigned)best[1]<<ME_MAP_SHIFT) + best[0])&(ME_MAP_SIZE-1);
if(map[index]!=key){ //this will be executed only very rarey if(map[index]!=key){ //this will be executed only very rarey
score_map[index]= cmp(s, best[0], best[1], 0, 0, size, h, ref_index, src_index, cmpf, chroma_cmpf, flags); score_map[index]= cmp(s, best[0], best[1], 0, 0, size, h, ref_index, src_index, cmpf, chroma_cmpf, flags);
map[index]= key; map[index]= key;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment