From 0fbc9bbbbb39b9a6f62d57f237052b64eefac578 Mon Sep 17 00:00:00 2001
From: Timo Rothenpieler <timo@rothenpieler.org>
Date: Sun, 11 Jun 2017 14:56:44 +0200
Subject: [PATCH] avfilter/vf_scale_npp: fix out-of-bounds reads

Fixes CIDs 1396414 and 1396415
---
 libavfilter/vf_scale_npp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/vf_scale_npp.c b/libavfilter/vf_scale_npp.c
index b5acce653b0..c36772e8005 100644
--- a/libavfilter/vf_scale_npp.c
+++ b/libavfilter/vf_scale_npp.c
@@ -400,7 +400,7 @@ static int nppscale_resize(AVFilterContext *ctx, NPPScaleStageContext *stage,
     NppStatus err;
     int i;
 
-    for (i = 0; i < FF_ARRAY_ELEMS(in->data) && in->data[i]; i++) {
+    for (i = 0; i < FF_ARRAY_ELEMS(stage->planes_in) && i < FF_ARRAY_ELEMS(in->data) && in->data[i]; i++) {
         int iw = stage->planes_in[i].width;
         int ih = stage->planes_in[i].height;
         int ow = stage->planes_out[i].width;
-- 
GitLab