Segfault when calling sws_scale

[Felix Kaaman]

Summary of the bug:

Segfault occurs when calling sws_scale on a 360x640 YUV420p image to a 360x640 BGR24 image.

Found after having upgraded to 4.3.1 from 3.14.

How to reproduce:

I've rewritten doc/examples/video_scaling.c to a minimal example of the issue:

#include <libavutil/imgutils.h>
#include <libavutil/parseutils.h>
#include <libswscale/swscale.h>

int main(int argc, char **argv)
{
    uint8_t *src_data[4], *dst_data[4];
    int src_linesize[4], dst_linesize[4];
    int src_w = 360, src_h = 640, dst_w = 360, dst_h = 640;
    enum AVPixelFormat src_pix_fmt = AV_PIX_FMT_YUV420P, dst_pix_fmt = AV_PIX_FMT_RGB24;
    struct SwsContext *sws_ctx;
    int i, ret;

    /* create scaling context */
    sws_ctx = sws_getContext(src_w, src_h, src_pix_fmt,
                             dst_w, dst_h, dst_pix_fmt,
                             SWS_BILINEAR, NULL, NULL, NULL);
    if (!sws_ctx) {
        ret = AVERROR(EINVAL);
        goto end;
    }

    /* allocate source and destination image buffers */
    if ((ret = av_image_alloc(src_data, src_linesize,
                              src_w, src_h, src_pix_fmt, 16)) < 0) {
        goto end;
    }

    /* buffer is going to be written to rawvideo file, no alignment */
    if ((ret = av_image_alloc(dst_data, dst_linesize,
                              dst_w, dst_h, dst_pix_fmt, 1)) < 0) {
        goto end;
    }

    for (i = 0; i < 100; i++) {
        sws_scale(sws_ctx, (const uint8_t * const*)src_data,
                  src_linesize, 0, src_h, dst_data, dst_linesize);
    }

end:
    av_freep(&src_data[0]);
    av_freep(&dst_data[0]);
    sws_freeContext(sws_ctx);
    return ret < 0;
}

[Felix Kaaman]

gdb session

[Felix Kaaman]

valgrind session

[Elon Musk]

In both calls to swscale proper aligned is required. thus report is invalid.
But code should make sure that it is properly aligned.