From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 1DF6F426AA for ; Thu, 6 Jan 2022 09:06:00 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id E013668AAE6; Thu, 6 Jan 2022 11:05:58 +0200 (EET) Received: from relay4-d.mail.gandi.net (relay4-d.mail.gandi.net [217.70.183.196]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id CF53868A987 for ; Thu, 6 Jan 2022 11:05:52 +0200 (EET) Received: from localhost (213-47-68-29.cable.dynamic.surfer.at [213.47.68.29]) (Authenticated sender: michael@niedermayer.cc) by relay4-d.mail.gandi.net (Postfix) with ESMTPSA id 0665BE000A for ; Thu, 6 Jan 2022 09:05:51 +0000 (UTC) Date: Thu, 6 Jan 2022 10:05:51 +0100 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20220106090551.GY2829255@pb2> References: <20220106004341.C06AC3F170@m2osw.com> MIME-Version: 1.0 In-Reply-To: <20220106004341.C06AC3F170@m2osw.com> Subject: Re: [FFmpeg-devel] [PATCH] Fix for possible buffer overflow. X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============4965754105370231341==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============4965754105370231341== Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="yna8S8U+TJvS0Ocq" Content-Disposition: inline --yna8S8U+TJvS0Ocq Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 05, 2022 at 04:26:09PM -0800, AlexisWilke wrote: > If it is true that the (index + c) can be larger than s->limiter_buf_size > then the overflow potential has to be handled in the previous two stateme= nts. >=20 > Signed-off-by: AlexisWilke > --- > libavfilter/af_loudnorm.c | 7 ++++--- > 1 file changed, 4 insertions(+), 3 deletions(-) >=20 > diff --git a/libavfilter/af_loudnorm.c b/libavfilter/af_loudnorm.c > index dbe7fba986..9e6a830a56 100644 > --- a/libavfilter/af_loudnorm.c > +++ b/libavfilter/af_loudnorm.c > @@ -206,10 +206,11 @@ static void detect_peak(LoudNormContext *s, int off= set, int nb_samples, int chan > continue; > =20 > for (c =3D 0; c < channels; c++) { > - if (c =3D=3D 0 || fabs(buf[index + c]) > max_peak) > - max_peak =3D fabs(buf[index + c]); > + int idx((index + c) < s->limiter_buf_size ? (index += c) : (index + c - s->limiter_buf_size)); which compiler did build this successfully ? [...] --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB No snowflake in an avalanche ever feels responsible. -- Voltaire --yna8S8U+TJvS0Ocq Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEIAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCYdaw6wAKCRBhHseHBAsP q610AJ9rzjqnTW7Yny0GSzzcu90IYgXR6gCfTAn6KESH/3/AHhAs6bU5DvQCyT0= =B3Ad -----END PGP SIGNATURE----- --yna8S8U+TJvS0Ocq-- --===============4965754105370231341== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============4965754105370231341==--