Message ID | 20231222214502.24596-1-michael@niedermayer.cc |
---|---|
State | Accepted |
Commit | a88b06f9ee8c88f78bdd614fc25283225223e858 |
Headers | show |
Series | [FFmpeg-devel,1/4] avfilter/af_alimiter: Check nextpos before use | expand |
Context | Check | Description |
---|---|---|
yinshiyou/make_loongarch64 | success | Make finished |
yinshiyou/make_fate_loongarch64 | success | Make fate finished |
andriy/make_x86 | success | Make finished |
andriy/make_fate_x86 | success | Make fate finished |
On Fri, Dec 22, 2023 at 10:44:59PM +0100, Michael Niedermayer wrote: > Fixes: out of array read > Fixes: tickets/10744/poc11ffmpeg > > Found-by: Li Zeyuan and Zeng Yunxiang. > Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> > --- > libavfilter/af_alimiter.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) will apply patchset so the fixes are included in 6.1.1 thx [...]
diff --git a/libavfilter/af_alimiter.c b/libavfilter/af_alimiter.c index f08893229de..9a867047643 100644 --- a/libavfilter/af_alimiter.c +++ b/libavfilter/af_alimiter.c @@ -195,9 +195,10 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in) int j = i % buffer_size; double ppeak = 0, pdelta; - for (c = 0; c < channels; c++) { - ppeak = FFMAX(ppeak, fabs(buffer[nextpos[j] + c])); - } + if (nextpos[j] >= 0) + for (c = 0; c < channels; c++) { + ppeak = FFMAX(ppeak, fabs(buffer[nextpos[j] + c])); + } pdelta = (limit / peak - limit / ppeak) / (((buffer_size - nextpos[j] + s->pos) % buffer_size) / channels); if (pdelta < nextdelta[j]) { nextdelta[j] = pdelta;
Fixes: out of array read Fixes: tickets/10744/poc11ffmpeg Found-by: Li Zeyuan and Zeng Yunxiang. Signed-off-by: Michael Niedermayer <michael@niedermayer.cc> --- libavfilter/af_alimiter.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)