ref: 36e1490b31ba4cbc5a31bbe50beb9f04d023e6d2
parent: 0282f6f3d5916fdd169c3af6c3250ed214308f5c
author: Ronald S. Bultje <rsbultje@gmail.com>
date: Tue Apr 16 05:18:22 EDT 2019
Over-allocate level array by 3-bytes This is a workaround so that the AVX2 implementation of deblock can index the levels array starting from the level type, which causes it to over-read by up to 3 bytes. This is intended to fix #269.
--- a/src/decode.c
+++ b/src/decode.c
@@ -2692,7 +2692,9 @@
freep(&f->lf.level);
freep(&f->frame_thread.b);
f->lf.mask = malloc(f->sb128w * f->sb128h * sizeof(*f->lf.mask));
- f->lf.level = malloc(f->sb128w * f->sb128h * 32 * 32 *
+ // over-allocate by 3 bytes since some of the SIMD implementations
+ // index this from the level type and can thus over-read by up to 3
+ f->lf.level = malloc(3 + f->sb128w * f->sb128h * 32 * 32 *
sizeof(*f->lf.level));
if (!f->lf.mask || !f->lf.level) goto error;
if (c->n_fc > 1) {
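Review bot: The `3 +` added to the `f->lf.level` allocation is a bare literal, and only the comment above it connects it to the SIMD over-read, so a later kernel with a wider load or a different start offset could read past the buffer again without anything failing at build time. I would give the pad a named constant declared next to the deblock SIMD prototypes and use it here, for example `malloc(LF_LEVEL_PAD + f->sb128w * f->sb128h * 32 * 32 * sizeof(*f->lf.level))`, where the name is only a suggestion. I would also finish the comment as `// ... and can thus over-read by up to 3 bytes past the last entry`. The padding bytes come from `malloc` and are never written in this hunk, so the over-read now stays in bounds but returns indeterminate data. Presumably the kernel discards those lanes, but it is worth confirming and stating in the comment, since memory checkers may still report the read. The enclosing function starts and ends outside this hunk, so I cannot tell whether other users of the level array need the same padding.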