From c89ebf8bf10bf901078db95255d0c728e7a6310b Mon Sep 17 00:00:00 2001
From: Joose Sainio
Date: Thu, 15 Dec 2022 13:12:42 +0200
Subject: [PATCH] [cclm] Fix heap corruption for non 64 divisible frames
---
 src/search.c | 2 +-
 src/videoframe.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/search.c b/src/search.c
index 8ebc9280..dee9bbbe 100644
--- a/src/search.c
+++ b/src/search.c
@@ -450,7 +450,7 @@ static void downsample_cclm_rec(encoder_state_t *state, int x, int y, int width,
 if((y + height * 2) % 64 == 0) {
 int line = y / 64 * stride2 / 2;
 y_rec -= LCU_WIDTH;
- for (int i = 0; i < width; ++i) {
+ for (int i = 0; i < width && i + x < stride2 / 2; ++i) {
 int s = 2;
 s += y_rec[i * 2] * 2;
 s += y_rec[i * 2 + 1];
diff --git a/src/videoframe.c b/src/videoframe.c
index f5a4d8af..e9a43dc1 100644
--- a/src/videoframe.c
+++ b/src/videoframe.c
@@ -61,7 +61,7 @@ videoframe_t * uvg_videoframe_alloc(int32_t width,
 frame->sao_chroma = MALLOC(sao_info_t, frame->width_in_lcu * frame->height_in_lcu);
 if (cclm) {
 assert(chroma_format == UVG_CSP_420);
- frame->cclm_luma_rec = MALLOC(uvg_pixel, (((width + 7) & ~7) + FRAME_PADDING_LUMA) * (((height + 7) & ~7) + FRAME_PADDING_LUMA) / 4);
+ frame->cclm_luma_rec = MALLOC(uvg_pixel, (((width + 7) & ~7) + FRAME_PADDING_LUMA) * (((height + 15) & ~7) + FRAME_PADDING_LUMA) / 4);
 frame->cclm_luma_rec_top_line = MALLOC(uvg_pixel, (((width + 7) & ~7) + FRAME_PADDING_LUMA) / 2 * CEILDIV(height, 64));
 }
 }
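Review bot: In src/search.c the added loop condition `i + x < stride2 / 2` truncates the row silently and does not say which buffer it protects; for a fix the commit title labels heap corruption, the invariant should be readable at the loop. Consider hoisting the bound, `int cols = stride2 / 2 - x; if (cols > width) cols = width;`, and looping on `i < cols` under a comment such as `/* clamp to one row of the destination buffer: the block may extend past the frame edge */` (presumably the destination is `cclm_luma_rec_top_line`; the store itself is not in the hunk). The clamp covers the column only: the row offset `line = y / 64 * stride2 / 2` computed three lines earlier is not checked here, so whether it stays inside the `CEILDIV(height, 64)` rows allocated in src/videoframe.c cannot be confirmed from the visible lines. The body of downsample_cclm_rec starts and ends outside the hunk.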
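Review bot: In src/videoframe.c the change from `+ 7` to `+ 15` in the `cclm_luma_rec` size adds eight rows of slack as a bare magic number, with nothing tying it to the writer in src/search.c, so allocation and indexing can drift apart again. Whether eight rows covers the worst case for heights that are not a multiple of 64 depends on FRAME_PADDING_LUMA and on how far past the frame edge the last LCU row is downsampled, neither of which is visible here; a comment stating the intended bound, e.g. `/* +15: height rounded up to 8 plus one extra 8-row band for CCLM downsample writes past the frame edge */` (wording to be confirmed by the author), would make that checkable. The size product also appears to be computed in 32-bit signed arithmetic, and none of the three MALLOC results is checked within the hunk; if that is not handled later in uvg_videoframe_alloc, a failed or wrapped allocation would surface as the same class of out-of-bounds write. The function continues outside the hunk.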