Commit 36e1490b authored by Ronald S. Bultje's avatar Ronald S. Bultje

Over-allocate level array by 3-bytes

This is a workaround so that the AVX2 implementation of deblock can
index the levels array starting from the level type, which causes it
to over-read by up to 3 bytes. This is intended to fix #269.
parent 0282f6f3
Pipeline #6388 passed with stages
in 6 minutes and 12 seconds
......@@ -2692,7 +2692,9 @@ int dav1d_decode_frame(Dav1dFrameContext *const f) {
freep(&f->lf.level);
freep(&f->frame_thread.b);
f->lf.mask = malloc(f->sb128w * f->sb128h * sizeof(*f->lf.mask));
f->lf.level = malloc(f->sb128w * f->sb128h * 32 * 32 *
// over-allocate by 3 bytes since some of the SIMD implementations
// index this from the level type and can thus over-read by up to 3
f->lf.level = malloc(3 + f->sb128w * f->sb128h * 32 * 32 *
sizeof(*f->lf.level));
if (!f->lf.mask || !f->lf.level) goto error;
if (c->n_fc > 1) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment