From ab0b268bb78ccd5ba4411594ae74a368ad2186e1 Mon Sep 17 00:00:00 2001
From: Paul B Mahol <onemda@gmail.com>
Date: Fri, 11 Oct 2019 12:42:13 +0200
Subject: [PATCH] avfilter/vf_bitplanenoise: fix overreads

Fixes #8244

(cherry picked from commit 0b567238741854b41f84f7457686b044eadfe29c)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
---
 libavfilter/vf_bitplanenoise.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavfilter/vf_bitplanenoise.c b/libavfilter/vf_bitplanenoise.c
index de278bc22a..a81c5786bb 100644
--- a/libavfilter/vf_bitplanenoise.c
+++ b/libavfilter/vf_bitplanenoise.c
@@ -123,7 +123,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
 
     if (s->depth <= 8) {
         for (plane = 0; plane < s->nb_planes; plane++) {
-            const int linesize = in->linesize[plane];
+            const int linesize = s->planeheight[plane] > 1 ? in->linesize[plane] : 0;
             const int dlinesize = out->linesize[plane];
             uint8_t *val = in->data[plane];
             uint8_t *dst = s->filter ? out->data[plane]: NULL;
@@ -152,7 +152,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         }
     } else {
         for (plane = 0; plane < s->nb_planes; plane++) {
-            const int linesize = in->linesize[plane] / 2;
+            const int linesize = s->planeheight[plane] > 1 ? in->linesize[plane] / 2 : 0;
             const int dlinesize = out->linesize[plane] / 2;
             uint16_t *val = (uint16_t *)in->data[plane];
             uint16_t *dst = s->filter ? (uint16_t *)out->data[plane] : NULL;