[FFmpeg-devel] [PATCH] avfilter/avf_showcqt: fix unbounded index when copying to fft_data

Muhammad Faiz mfcc64 at gmail.com
Fri Aug 8 02:23:39 EEST 2025


On Thu, Jul 3, 2025 at 8:48 PM Muhammad Faiz <mfcc64 at gmail.com> wrote:

> When timeclamp and/or fps are low, j can be negative.
>
> Fix Ticket11640
> ---
>  libavfilter/avf_showcqt.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/libavfilter/avf_showcqt.c b/libavfilter/avf_showcqt.c
> index 8ff6ecb..8f9b782 100644
> --- a/libavfilter/avf_showcqt.c
> +++ b/libavfilter/avf_showcqt.c
> @@ -1515,7 +1515,7 @@ static int filter_frame(AVFilterLink *inlink,
> AVFrame *insamples)
>          i = insamples->nb_samples - remaining;
>          j = s->fft_len/2 + s->remaining_fill_max - s->remaining_fill;
>          if (remaining >= s->remaining_fill) {
> -            for (m = 0; m < s->remaining_fill; m++) {
> +            for (m = FFMAX(0, -j); m < s->remaining_fill; m++) {
>                  s->fft_data[j+m].re = audio_data[2*(i+m)];
>                  s->fft_data[j+m].im = audio_data[2*(i+m)+1];
>              }
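Review bot: starting the first loop at m = FFMAX(0, -j) silently discards the leading -j input samples whenever j is negative, and nothing in the code says why that is acceptable. From the assignment two lines above, j < 0 exactly when s->remaining_fill is larger than s->fft_len/2 + s->remaining_fill_max, so a short comment stating that condition (and that it arises with low timeclamp and/or fps, as the commit message says) would save the next reader from re-deriving it. The upper end needs no guard here, since j + m stays below j + s->remaining_fill = s->fft_len/2 + s->remaining_fill_max regardless of j. It may also be worth considering whether this combination of values should be rejected or adjusted where the lengths are computed, so that j cannot go negative in filter_frame() at all.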
> @@ -1544,7 +1544,7 @@ static int filter_frame(AVFilterLink *inlink,
> AVFrame *insamples)
>                  s->fft_data[m] = s->fft_data[m+step];
>              s->remaining_fill = step;
>          } else {
> -            for (m = 0; m < remaining; m++) {
> +            for (m = FFMAX(0, -j); m < remaining; m++) {
>                  s->fft_data[j+m].re = audio_data[2*(i+m)];
>                  s->fft_data[j+m].im = audio_data[2*(i+m)+1];
>              }
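Review bot: the else-branch loop repeats the same FFMAX(0, -j) expression as the first hunk; computing it once into a local right after j is assigned (for example a start offset used by both loops) keeps the two bounds from drifting apart in later edits. Note also that when remaining <= -j this loop body never runs and the whole chunk is dropped, so please confirm that the bookkeeping after the loop, which is outside the context shown, still consumes those samples so that j moves toward a non-negative value on the next call.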
> --
> 2.43.0
>
>
Ping

