From 79b1eacba9c3f7d871cd034f893e574c593ed128 Mon Sep 17 00:00:00 2001
From: Richard Antalik
Date: Tue, 24 Oct 2023 04:37:34 +0200
Subject: [PATCH] Fix #113890: Buffer overread when rendering after strip content range

Caused by incorrect frame index clamping in `SEQ_give_frame_index()`.
---
 source/blender/sequencer/intern/strip_time.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/blender/sequencer/intern/strip_time.cc b/source/blender/sequencer/intern/strip_time.cc
index d58d3ed1825..5f96942b50c 100644
--- a/source/blender/sequencer/intern/strip_time.cc
+++ b/source/blender/sequencer/intern/strip_time.cc
@@ -68,7 +68,7 @@ float SEQ_give_frame_index(const Scene *scene, Sequence *seq, float timeline_fra
 float frame_index;
 float sta = SEQ_time_start_frame_get(seq);
 float end = SEQ_time_content_end_frame_get(scene, seq) - 1;
- const float length = seq->len;
+ const float frame_index_max = seq->len - 1;
 
 if (seq->type & SEQ_TYPE_EFFECT) {
 end = SEQ_time_right_handle_frame_get(scene, seq);
@@ -95,10 +95,10 @@ float SEQ_give_frame_index(const Scene *scene, Sequence *seq, float timeline_fra
 
 if (SEQ_retiming_is_active(seq)) {
 const float retiming_factor = seq_retiming_evaluate(seq, frame_index);
- frame_index = retiming_factor * (length);
+ frame_index = retiming_factor * frame_index_max;
 }
 /* Clamp frame index to strip content frame range. */
- frame_index = clamp_f(frame_index, 0, length);
+ frame_index = clamp_f(frame_index, 0, frame_index_max);
 
 if (seq->strobe < 1.0f) {
 seq->strobe = 1.0f;
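Review bot: `frame_index_max` is computed as `seq->len - 1` before the `SEQ_TYPE_EFFECT` branch, and that branch replaces `end` but leaves the new bound untouched. If a strip can reach this function with `seq->len` of 0 (not visible from this hunk; effect strips are the case to check), the bound becomes -1 and the `clamp_f()` call in the second hunk gets a maximum below its minimum, so the result may be a negative index rather than one inside the content range. Consider a floor such as `const float frame_index_max = max_ff(seq->len - 1, 0);`, or setting an effect-specific bound inside the `if (seq->type & SEQ_TYPE_EFFECT)` block. The function body starts and ends outside the hunk, so an earlier return may already cover this case.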
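Review bot: The retiming multiplier changes from `length` to `frame_index_max` in this hunk, which alters how retimed frames are scaled and is more than the clamp fix the commit message describes, yet nothing in the code explains it. A comment above the assignment would make the intent checkable, for example `/* Retiming factor 1.0 maps to the last valid frame index (len - 1), not to len. */`, assuming `seq_retiming_evaluate()` returns a factor in [0, 1], which is not visible here. The existing comment above `clamp_f()` could also state that the range is inclusive, `[0, seq->len - 1]`, since the off-by-one in that bound is what allowed the overread. The enclosing function continues past the end of the hunk.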