Fix: clamp ARGBToNV12 dims to even-aligned ctx width/height

to prevent heap overflow on odd-sized windows
yuanyuanxiang
2026-06-15 15:24:12 +02:00
parent d3b9e7faae
commit 931492a294


@@ -210,9 +210,10 @@ int CFFmpegH264Encoder::convertRGB24ToNV12(uint8_t* rgb, uint32_t stride,
uint32_t width, uint32_t height,
int direction)
{
int signed_height = direction * (int)height;
int w = (int)width;
int h = (int)height;
// Clamp to encoder's even-aligned frame dimensions (same reason as encode()).
int w = m_ctx->width;
int h = m_ctx->height;
int signed_height = direction * h;
int y_size = w * h;
int uv_size = (w / 2) * (h / 2);
m_i420Scratch.resize(y_size + 2 * uv_size);
@@ -249,8 +250,12 @@ int CFFmpegH264Encoder::encode(
if (!m_ctx || !m_frame || !m_packet) return -1;
if (av_frame_make_writable(m_frame) < 0) return -1;
int w = (int)width;
int h = (int)height;
// Use the encoder's even-aligned dimensions, not the raw passed-in values.
// m_ctx->width/height = p.width & ~1, m_frame is allocated for exactly those
// dimensions. If we pass an odd width/height, ARGBToNV12 writes one extra row
// past the end of m_frame->data[0] → heap corruption / access violation.
int w = m_ctx->width;
int h = m_ctx->height;
int signed_height = direction * h;
if (bpp == 32) {
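Review bot: The new `int w = m_ctx->width; int h = m_ctx->height;` in both encode() and convertRGB24ToNV12() replaces the caller's `width`/`height` instead of clamping them, so the destination overflow is closed but nothing checks that the source buffer covers the encoder's dimensions. If a caller ever passes a frame smaller than the context (for example a window resized before the encoder is re-created, which is not visible here), the conversion would read past the end of the input. A guard such as `if (width < (uint32_t)m_ctx->width || height < (uint32_t)m_ctx->height) return -1;` before the assignments keeps both the read and the write bounded. convertRGB24ToNV12() also dereferences `m_ctx` with no null check in the visible lines, unlike encode(); if it can be reached from anywhere other than encode(), add `if (!m_ctx) return -1;` at its top. Both function bodies continue outside the hunks.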