[FFmpeg-devel] [PATCH] avcodec/speexdec: limit max frame_size

slbtty shenlebantongying at gmail.com
Wed Jan 29 04:12:04 EET 2025 

Still not 100% certain about the reason, 
but this works for both #11054 and #11078.

The max value of s->mode is 2 which means ultra wide band?

---
 libavcodec/speexdec.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
index d25823ef6e..a95d9890d8 100644
--- a/libavcodec/speexdec.c
+++ b/libavcodec/speexdec.c
@@ -1425,7 +1425,9 @@ static int parse_speex_extradata(AVCodecContext *avctx,
     if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0) ||
         s->frame_size >     INT32_MAX >> (s->mode > 0))
         return AVERROR_INVALIDDATA;
-    s->frame_size <<= (s->mode > 0);
+    if (s->mode >= 2)
+        s->frame_size *= 2;
+    s->frame_size = FFMIN(640, s->frame_size);
     s->vbr = bytestream_get_le32(&buf);
     s->frames_per_packet = bytestream_get_le32(&buf);
     if (s->frames_per_packet <= 0 ||
-- 
2.48.1


> On Jan 28, 2025, at 8:31 PM, slbtty <shenlebantongying at gmail.com> wrote:
> 
> Correction: this fix the sample from #11054 but not #11078.
> 
> Still trying to figure out why.
> 
> 
>> On Jan 28, 2025, at 8:21 PM, shenleban tongying <shenlebantongying at gmail.com> wrote:
>> 
>> The max frame_size for speex format is 32000 Hz * 20 ms / 1000 ms = 640
>> 
>> close #11054 and #11078
>> 
>> Signed-off-by: shenleban tongying <shenlebantongying at gmail.com>
>> ---
>> libavcodec/speexdec.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>> 
>> diff --git a/libavcodec/speexdec.c b/libavcodec/speexdec.c
>> index d25823ef6e..555012a343 100644
>> --- a/libavcodec/speexdec.c
>> +++ b/libavcodec/speexdec.c
>> @@ -1425,7 +1425,7 @@ static int parse_speex_extradata(AVCodecContext *avctx,
>>   if (s->frame_size < NB_FRAME_SIZE << (s->mode > 0) ||
>>       s->frame_size >     INT32_MAX >> (s->mode > 0))
>>       return AVERROR_INVALIDDATA;
>> -    s->frame_size <<= (s->mode > 0);
>> +    s->frame_size = FFMIN(640, s->frame_size << (s->mode > 0));
>>   s->vbr = bytestream_get_le32(&buf);
>>   s->frames_per_packet = bytestream_get_le32(&buf);
>>   if (s->frames_per_packet <= 0 ||
>> -- 
>> 2.48.1
>> 
>

More information about the ffmpeg-devel mailing list