| Message ID | 20200908211856.16290-4-andreas.rheinhardt@gmail.com |
|---|---|
| State | Accepted |
| Commit | 7b74e02ef2d0099a2e1f1d1cefc1fce2e041f618 |
| Headers | show |
| Series | [FFmpeg-devel,01/25] avfilter/af_headphone: Don't use uninitialized buffer in log message | expand |
| Context | Check | Description |
|---|---|---|
| andriy/default | pending | |
| andriy/make | success | Make finished |
| andriy/make_fate | success | Make fate finished |
On Tue, Sep 08, 2020 at 11:18:35PM +0200, Andreas Rheinhardt wrote: > When the headphone filter does its processing in the time domain, > the lengths of the buffers involved are determined by three parameters, > only two of which are relevant here: ir_len and air_len. The former is > the length (in samples) of the longest HRIR input stream and the latter > is the smallest power-of-two bigger than ir_len. > > Using optimized functions to calculate the convolution places > restrictions on the alignment of the length of the vectors whose scalar > product is calculated. Therefore said length, namely ir_len, is aligned > on 32; but the number of elements of the buffers used is given by air_len > and for ir_len < 16 a buffer overflow happens. > > This commit fixes this by ensuring that air_len is always >= 32 if > processing happens in the time domain. > > Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> > --- > libavfilter/af_headphone.c | 3 +++ > 1 file changed, 3 insertions(+) > LGTM
diff --git a/libavfilter/af_headphone.c b/libavfilter/af_headphone.c index f488e0e28d..54b5dfec4c 100644 --- a/libavfilter/af_headphone.c +++ b/libavfilter/af_headphone.c @@ -405,6 +405,9 @@ static int convert_coeffs(AVFilterContext *ctx, AVFilterLink *inlink) int i, j, k; s->air_len = 1 << (32 - ff_clz(ir_len)); + if (s->type == TIME_DOMAIN) { + s->air_len = FFALIGN(s->air_len, 32); + } s->buffer_length = 1 << (32 - ff_clz(s->air_len)); s->n_fft = n_fft = 1 << (32 - ff_clz(ir_len + s->size));
When the headphone filter does its processing in the time domain, the lengths of the buffers involved are determined by three parameters, only two of which are relevant here: ir_len and air_len. The former is the length (in samples) of the longest HRIR input stream and the latter is the smallest power-of-two bigger than ir_len. Using optimized functions to calculate the convolution places restrictions on the alignment of the length of the vectors whose scalar product is calculated. Therefore said length, namely ir_len, is aligned on 32; but the number of elements of the buffers used is given by air_len and for ir_len < 16 a buffer overflow happens. This commit fixes this by ensuring that air_len is always >= 32 if processing happens in the time domain. Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com> --- libavfilter/af_headphone.c | 3 +++ 1 file changed, 3 insertions(+)