[FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
Michael Niedermayer
michael at niedermayer.cc
Wed Jul 10 19:19:15 EEST 2024
On Tue, Jul 09, 2024 at 02:41:16PM +0200, epirat07 at gmail.com wrote:
>
>
> On 6 Jul 2024, at 11:26, Stefano Sabatini wrote:
>
> > On date Tuesday 2024-07-02 20:38:00 +0200, Marvin Scholz wrote:
> >> An incorrect calculation in ff_perlin_init causes a write to the
> >> stack array at index 256, which is out of bounds.
> >>
> >> Fixes: CID1608711
> >> ---
> >> libavfilter/perlin.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
> >> index 09bae7ad33..ffad8c1e4e 100644
> >> --- a/libavfilter/perlin.c
> >> +++ b/libavfilter/perlin.c
> >> @@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
> >> for (i = 0; i < 256; i++) {
> >> unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
> >> uint8_t random_val = random_permutations[random_idx];
> >> - random_permutations[random_idx] = random_permutations[256-i];
> >> + random_permutations[random_idx] = random_permutations[255-i];
> >>
> >> perlin->permutations[i] = perlin->permutations[i+256] = random_val;
> >> }
> >
> > Looks good, thanks.
>
> Please push then, I do not have commit access.
applied
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Awnsering whenever a program halts or runs forever is
On a turing machine, in general impossible (turings halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240710/33932810/attachment.sig>
More information about the ffmpeg-devel
mailing list