[vlc-devel] [patch] i420_rgb: buffer overflow

Francois Cartegnie fcvlcdev at free.fr
Thu Jan 24 18:07:08 CET 2019

Le 22/01/2019 à 18:44, jnqnfe at gmail.com a écrit :
> patch attached
> Incorrect pointer offset calculation in SSE2 (non-assembly version)
> RGB15 unpacking.
> Could, I believe, allow almost 128 bytes to be written past the end of
> the end of the buffer on last loop iteration.

So after investigating,
the only way to trigger that code path is (and probably why it never

- Build without swscale
- Build without asm tool (CAN_COMPILE_SSE2) but with intrinsics

In the use
- Have some I420 to RV15 conversion (unlikely in display)
- Have unaligned pixels

And it will overflow by 16 bytes at the end of the buffer, only if there
is no alignment.

Francois Cartegnie
VideoLAN - VLC Developer

More information about the vlc-devel mailing list