[FFmpeg-devel] [libav-devel] [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays
Michael Niedermayer
michael at niedermayer.cc
Tue Oct 27 02:57:07 CET 2015
On Mon, Oct 26, 2015 at 11:09:44PM +0000, Kieran Kunhya wrote:
> On 26 October 2015 at 22:48, Hendrik Leppkes <h.leppkes at gmail.com> wrote:
> > On Mon, Oct 26, 2015 at 11:29 PM, Kieran Kunhya <kierank at obe.tv> wrote:
> >> From a1314d5c9774d555718bbc0a8612144c890bbc59 Mon Sep 17 00:00:00 2001
> >> From: Kieran Kunhya <kierank at obe.tv>
> >> Date: Mon, 26 Oct 2015 22:26:35 +0000
> >> Subject: [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays
> >>
> >> Fixes crashes on fuzzed files
> >>
> >> ---
> >> libavcodec/opusdec.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c
> >> index acae6e1..03dd872 100644
> >> --- a/libavcodec/opusdec.c
> >> +++ b/libavcodec/opusdec.c
> >> @@ -587,7 +587,7 @@ static int opus_decode_packet(AVCodecContext
> >> *avctx, void *data,
> >> memset(frame->extended_data[i], 0, frame->linesize[0]);
> >> }
> >>
> >> - if (c->gain_i) {
> >> + if (c->gain_i && decoded_samples >= 8) {
> >> c->fdsp.vector_fmul_scalar((float*)frame->extended_data[i],
> >> (float*)frame->extended_data[i],
> >> c->gain, FFALIGN(decoded_samples, 8));
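Review bot: the new guard in `if (c->gain_i && decoded_samples >= 8)` skips the gain step for packets that decode to 1 through 7 samples, so those frames would leave the decoder without `c->gain` applied. The length passed below is `FFALIGN(decoded_samples, 8)`, which is already 8 for any non-zero count and 0 only when `decoded_samples` is 0, so `decoded_samples > 0` excludes exactly the zero-length call named in the subject. The commit message should also say which input yields zero decoded samples, since "Fixes crashes on fuzzed files" does not record it.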
> >
> >> 0 might be less arbitrary.
>
> New version:
>
> From 25edf86e35773d419b4bcc7aeeb7b96d0f1ef958 Mon Sep 17 00:00:00 2001
> From: Kieran Kunhya <kierank at obe.tv>
> Date: Mon, 26 Oct 2015 23:08:31 +0000
> Subject: [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays
>
> Fixes crashes on fuzzed files
> ---
> libavcodec/opusdec.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c
> index acae6e1..93c72c3 100644
> --- a/libavcodec/opusdec.c
> +++ b/libavcodec/opusdec.c
> @@ -587,7 +587,7 @@ static int opus_decode_packet(AVCodecContext
> *avctx, void *data,
> memset(frame->extended_data[i], 0, frame->linesize[0]);
> }
>
> - if (c->gain_i) {
> + if (c->gain_i && decoded_samples > 0) {
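Review bot: the condition `if (c->gain_i && decoded_samples > 0)` carries no comment saying why a zero count is excluded, and the commit message ("Fixes crashes on fuzzed files") does not say how the crash arises or which packets decode to zero samples. A one-line comment above the check, plus a sentence in the message describing the failing call, would keep a later cleanup from dropping the guard as redundant.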
applied
thanks
PS: the >0 isn't needed but does no harm and maybe it's more
robust in the future ...
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The educated differ from the uneducated as much as the living from the
dead. -- Aristotle