From 988873974fb9ed0750ace9601786673d267c5f3d Mon Sep 17 00:00:00 2001
From: starfish <zhangshaoyuanzsy@163.com>
Date: Tue, 22 Jun 2021 03:50:12 +0000
Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8DCVE-2020-22025=E6=BC=8F?=
 =?UTF-8?q?=E6=B4=9E=E5=A4=84=E7=90=86?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 ffmpeg-y/libavfilter/vf_edgedetect.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/ffmpeg-y/libavfilter/vf_edgedetect.c b/ffmpeg-y/libavfilter/vf_edgedetect.c
index a0ddcbbf5c..0bc46adf54 100755
--- a/ffmpeg-y/libavfilter/vf_edgedetect.c
+++ b/ffmpeg-y/libavfilter/vf_edgedetect.c
@@ -150,7 +150,10 @@ static void gaussian_blur(AVFilterContext *ctx, int w, int h,
     int i, j;
 
     memcpy(dst, src, w); dst += dst_linesize; src += src_linesize;
-    memcpy(dst, src, w); dst += dst_linesize; src += src_linesize;
+    // mod begin: fix CVE-2020-22025
+    if (h > 1)
+        memcpy(dst, src, w); dst += dst_linesize; src += src_linesize;
+    // mod end
     for (j = 2; j < h - 2; j++) {
         dst[0] = src[0];
         dst[1] = src[1];
@@ -180,8 +183,12 @@ static void gaussian_blur(AVFilterContext *ctx, int w, int h,
         dst += dst_linesize;
         src += src_linesize;
     }
-    memcpy(dst, src, w); dst += dst_linesize; src += src_linesize;
-    memcpy(dst, src, w);
+    // mod begin: fix CVE-2020-22025
+    if (h > 2)
+        memcpy(dst, src, w); dst += dst_linesize; src += src_linesize;
+    if (h > 3)
+        memcpy(dst, src, w);
+    // mod end
 }
 
 enum {
-- 
Gitee