[FFmpeg-devel] [PATCH] Fix for possible buffer overflow.

[FFmpeg-devel] [PATCH] Fix for possible buffer overflow.

[AlexisWilke]

If it is true that the (index + c) can be larger than s->limiter_buf_size
then the overflow potential has to be handled in the previous two statements.

Signed-off-by: AlexisWilke <alexis@m2osw.com>
---
 libavfilter/af_loudnorm.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/libavfilter/af_loudnorm.c b/libavfilter/af_loudnorm.c
index dbe7fba986..9e6a830a56 100644
--- a/libavfilter/af_loudnorm.c
+++ b/libavfilter/af_loudnorm.c
@@ -206,10 +206,11 @@ static void detect_peak(LoudNormContext *s, int offset, int nb_samples, int chan
                     continue;
 
                 for (c = 0; c < channels; c++) {
-                    if (c == 0 || fabs(buf[index + c]) > max_peak)
-                        max_peak = fabs(buf[index + c]);
+                    int idx((index + c) < s->limiter_buf_size ? (index + c) : (index + c - s->limiter_buf_size));
+                    if (c == 0 || fabs(buf[idx]) > max_peak)
+                        max_peak = fabs(buf[idx]);
 
-                    s->prev_smp[c] = fabs(buf[(index + c) < s->limiter_buf_size ? (index + c) : (index + c - s->limiter_buf_size)]);
+                    s->prev_smp[c] = fabs(buf[idx]);
                 }
 
                 *peak_delta = n;
-- 
2.17.1

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

Re: [FFmpeg-devel] [PATCH] Fix for possible buffer overflow.

[Michael Niedermayer]

[-- Attachment #1.1: Type: text/plain, Size: 1212 bytes --]

On Wed, Jan 05, 2022 at 04:26:09PM -0800, AlexisWilke wrote:
> If it is true that the (index + c) can be larger than s->limiter_buf_size
> then the overflow potential has to be handled in the previous two statements.
> 
> Signed-off-by: AlexisWilke <alexis@m2osw.com>
> ---
>  libavfilter/af_loudnorm.c | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/libavfilter/af_loudnorm.c b/libavfilter/af_loudnorm.c
> index dbe7fba986..9e6a830a56 100644
> --- a/libavfilter/af_loudnorm.c
> +++ b/libavfilter/af_loudnorm.c
> @@ -206,10 +206,11 @@ static void detect_peak(LoudNormContext *s, int offset, int nb_samples, int chan
>                      continue;
>  
>                  for (c = 0; c < channels; c++) {
> -                    if (c == 0 || fabs(buf[index + c]) > max_peak)
> -                        max_peak = fabs(buf[index + c]);

> +                    int idx((index + c) < s->limiter_buf_size ? (index + c) : (index + c - s->limiter_buf_size));

which compiler did build this successfully ?


[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

No snowflake in an avalanche ever feels responsible. -- Voltaire

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".