[FFmpeg-devel] [PATCH] avfilter/avf_showcqt: fix unbounded index when copying to fft_data
Muhammad Faiz
mfcc64 at gmail.com
Thu Jul 3 16:47:58 EEST 2025
When timeclamp and/or fps are low, j can be negative.
Fix Ticket11640
---
libavfilter/avf_showcqt.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavfilter/avf_showcqt.c b/libavfilter/avf_showcqt.c
index 8ff6ecb..8f9b782 100644
--- a/libavfilter/avf_showcqt.c
+++ b/libavfilter/avf_showcqt.c
@@ -1515,7 +1515,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *insamples)
i = insamples->nb_samples - remaining;
j = s->fft_len/2 + s->remaining_fill_max - s->remaining_fill;
if (remaining >= s->remaining_fill) {
- for (m = 0; m < s->remaining_fill; m++) {
+ for (m = FFMAX(0, -j); m < s->remaining_fill; m++) {
s->fft_data[j+m].re = audio_data[2*(i+m)];
s->fft_data[j+m].im = audio_data[2*(i+m)+1];
}
@@ -1544,7 +1544,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *insamples)
s->fft_data[m] = s->fft_data[m+step];
s->remaining_fill = step;
} else {
- for (m = 0; m < remaining; m++) {
+ for (m = FFMAX(0, -j); m < remaining; m++) {
s->fft_data[j+m].re = audio_data[2*(i+m)];
s->fft_data[j+m].im = audio_data[2*(i+m)+1];
}
--
2.43.0
More information about the ffmpeg-devel
mailing list