Fix #111642: VSE glow code can overflow with small proxies

With such small proxy sizes (combined with a small blur radius), the
kernel's `halfWidth` can get zero, which leads to a memory allocation of
same zero size and writing to that memory leads to overflow/crashes/can
only go downhill from there.

Now early out in such cases [which leads to slightly different output --
well if the "buggy" output survives and does not crash that is].

(alternatively we could just prevent the overflow and still let
`RVBlurBitmap2_float` do stuff that it really shouldn't imo, see first version of the PR)

Pull Request: https://projects.blender.org/blender/blender/pulls/111660
Philipp Oeser
2023-08-30 10:24:45 +02:00
committed by Philipp Oeser
parent 5894ab2e07
commit f77fdbff8a

@@ -1980,6 +1980,12 @@ static void RVBlurBitmap2_float(float *map, int width, int height, float blur, i
return;
}
/* If result would be no blurring, early out. */
halfWidth = ((quality + 1) * blur);
if (halfWidth == 0) {
return;
}
/* Allocate memory for the temp-map and the blur filter matrix. */
temp = static_cast<float *>(MEM_mallocN(sizeof(float[4]) * width * height, "blurbitmaptemp"));
if (!temp) {
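Review bot: the new guard `if (halfWidth == 0)` rejects only an exact zero, while the value comes from `((quality + 1) * blur)` with `blur` a float parameter, so a negative product would pass the check and still reach `sizeof(float) * halfWidth * 2` in the filter allocation further down. Testing `halfWidth <= 0` would cover both cases. The comment above the guard could also state that the early return protects the filter allocation from a zero size, not only that it skips a no-op blur, so the check is not later dropped as a mere optimization.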
@@ -1987,7 +1993,6 @@ static void RVBlurBitmap2_float(float *map, int width, int height, float blur, i
}
/* Allocate memory for the filter elements */
halfWidth = ((quality + 1) * blur);
filter = (float *)MEM_mallocN(sizeof(float) * halfWidth * 2, "blurbitmapfilter");
if (!filter) {
MEM_freeN(temp);
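Review bot: with the `halfWidth = ((quality + 1) * blur);` line removed at this spot, the `MEM_mallocN(sizeof(float) * halfWidth * 2, "blurbitmapfilter")` call depends on a value and a guard that now sit above the temp-map allocation, and nothing here says so. A short comment or a `BLI_assert(halfWidth > 0)` directly above the allocation would keep the non-zero size requirement visible where the size is actually used.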