From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 38CAD49A96 for ; Tue, 27 Feb 2024 18:37:28 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id D079E68CCDC; Tue, 27 Feb 2024 20:37:25 +0200 (EET) Received: from EUR05-AM6-obe.outbound.protection.outlook.com (mail-am6eur05olkn2059.outbound.protection.outlook.com [40.92.91.59]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 7723168CB95 for ; Tue, 27 Feb 2024 20:37:19 +0200 (EET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=l3o8AXAzPVGf0K1l+2ccJ2QnqfxCk8CHSEljy7gbtxQ1S5kZPSA2R8kY20EysUk2Vyf06L5bWpV/DtZb792yJWnj/eLqPt5OLk1OsMANlWiM8iFO805pbdRIYR0hJNfrKziyJOXUG+L96fYG3oHq8o6EglPAnQBc9FJEakeeBqw+Qt47anRd5Wjbv4tfqTmdcSkiZ7qGQLamOMWoyfwB9O5NoQzlDazIzg8Q2HTwdvbd4fRXxUXu1QDezZ9LKlsL62pvmra8KYBO0bA7s4CJ6qxTHZ0LvL2ORsNJBdsTqJvYvenmL309VuABPNLcloq2ue9pkHzXcTCfdhXnK/aCpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=pi6A2sSnYSDK1etqz3nt5tLFlNm3khqcznLWZoPCQvA=; b=K25vyl8gV7XyL/nOWnlKNha5Lu7huQICJXt4U9pudRzTxoZjnHILqDGct+5obZoReRmsQWyZhGzBMk26gpEKoodb12qEYiKA8n1Ycwg6PUAGa26Zuai8OxazRUfhew+losBmvTddPSw4k1pg+/UcA3OfR5gNCiF80nnpn93xc4B3aMu/kRDlgrVDdQEiXMlqXdHe+aV9MLXKXdeGo9URp9yzlxMpPpvnMXAogZ1VGuBZR4y8ZRulxxOdSW1wp8x8sltPcArsFTKmu+8O8OY6U2L0Hg2dCUdlOJIdNYRfCf3FXDWuYN8f4SagTtaTsgk15suXA2fz/NW3tINCRK8eiw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=pi6A2sSnYSDK1etqz3nt5tLFlNm3khqcznLWZoPCQvA=; b=nVCRKnVdy33HPZiEafdciT5MZoqywtDqemfsvDSnSpjjXv8Xouywtaw26PdZMXkygfEz9tsFJkNUPaPzOkZbkYc1VhntZrGI9JSDTPspmS99kNDrmQAoApcVzJ5nizHtjUZRjSD4v25L6X0kdI8tyiOTOMditu3/4aWAH3aDv/89K0FRB5EEK/uSHPX1sc7nD53f/+TRFtFKYa5oCy4f0Gl4l7h4vMnF1tVM2Tqgi/7vPPZWmuUM5wLYhiJIl4cJsjD2g3zPIEkAJtB+IG08ovuWkbfWjMfnYUxXM7s2IJfGvM4QkQCzoxsINWzrhfq/Fd5vkw5kmuQ7xEECkRlCZw== Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) by AM8P250MB0296.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:32b::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.36; Tue, 27 Feb 2024 18:37:17 +0000 Received: from AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::65aa:deb0:a18e:d48d]) by AS8P250MB0744.EURP250.PROD.OUTLOOK.COM ([fe80::65aa:deb0:a18e:d48d%5]) with mapi id 15.20.7316.023; Tue, 27 Feb 2024 18:37:17 +0000 Message-ID: Date: Tue, 27 Feb 2024 19:39:16 +0100 User-Agent: Mozilla Thunderbird To: ffmpeg-devel@ffmpeg.org References: <20240225184429.2962707-1-gseanmcg@gmail.com> <20240225184429.2962707-2-gseanmcg@gmail.com> Content-Language: en-US From: Andreas Rheinhardt In-Reply-To: <20240225184429.2962707-2-gseanmcg@gmail.com> X-TMN: [El5dHRAnirgPOyI3XaQFmkKfDiEQx7RyRcYtW/N5Wes=] X-ClientProxiedBy: ZR0P278CA0114.CHEP278.PROD.OUTLOOK.COM (2603:10a6:910:20::11) To AS8P250MB0744.EURP250.PROD.OUTLOOK.COM (2603:10a6:20b:541::14) X-Microsoft-Original-Message-ID: <92039284-f951-4e3f-9da6-6f89a04deb3e@outlook.com> MIME-Version: 1.0 X-MS-Exchange-MessageSentRepresentingType: 1 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: AS8P250MB0744:EE_|AM8P250MB0296:EE_ X-MS-Office365-Filtering-Correlation-Id: ea82f7ce-c07c-42af-f0e0-08dc37c31ffb X-MS-Exchange-SLBlob-MailProps: 9IecXKUgicD587NGnUzrlKvAP7Ji4A2CRLyERqYKe/xmAXfdPYC9KesJirSIoRuGbYUWlnGZFtQa4LewpCzYsDGYRbRi0AqfP5fvw76fdWo2jipZSbUQP9F3825NJl3TIf5qkfNoXw6ENLa8p9ytEjS0mZIxmSLHrVPG9tTFhiQc8qlFfADaR6t1dVB0iu0Y90X3KiV3RSof2BiP79eA7hUz4jty3EEpNnGrm8kYp5Iq5jUDK/QRdc+Pe25TtzqvSrRD9w8vbHCeZEJ9TDqFJO56tfgaNcVXb3vW/poGJnGNK79OGNC/Y9cJaUTLgN9IsMtwHEzIKlNyC6D1AkonyO33myICsnKXqMDFFET+jgTZ5dKE8Vj82gP7f7HxYHQyP9bu7GNSfa+vGVAzpAPa5Z1PsPTG1Wu9JpcDnBYkHYOfZsCZc551dtCUrwx++DWqxpSgDATsoZRBNYa0pGH500miaL4cbVaUut6LV0DgwE+TkVx4/WNqwI8xHrs+sbzMq4LSFQGp8WP58SRIlMHRnygGFNp0UUznzMj7dvW/4caDuJhycyJlGbLzWYuwQDaVlRclfLmipkaczvSYdjY5rcY3LUj14jS56IJFnfZibYPKsdjzN9szoxyicdOkKWdszPoBHPI46Y58s9OLvfOjtnNPrAQPAxjH/9/TZqW/Az4R2LKkzBWaDQxhj2PqhwUawhGF0n7LCo+7Kiv4ZfPTtAk4sJZvP7gA007gYQ9TzDY7Iay0b9QTug== X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: cllzo/AhP8PXtpv92GdhmyMLu6UZIvlaosboCoH+ArOvkXN24/rHIdgi+UX4VbBV8pRvinRh30pIqVj0fcSlCm/SWPlELNf6dsYHVxhoUiHAKsF8xE2BW6e70sVCtnXSBiAkspekRTWmqwaP+Ge3FUYdAQcM4gMP8HawdArbHJNhUJXDQiZvab8+JYPHfsUm78L0NchOAek5E3ro3EYp0i9JHt13SKQ8YHvgme+99HlFxK8Uk2TAz7nofPDBYDRN/j042we23gxYvIpquBYkWk9woG3dNp0hXaGFByiWIOEQZRc//5qGx7M5bLDY8qYZWwVo95DIKBZMrkZLeJIXKddvtG74qHjqrRq3tqXcTxtpliTHLAPlq3nqmsijrpP/ioCkKGmkzqtTRZw83K6tsQaV1ZFxdOAlx1oYtwMEta4Ab1ydePpK/vxOC4E38cwaSB/ld7m/CS/UajYCdDGqja1kgjgL5FyV6IS2xb3Jc02qOZno2wVERFMHrtDMUYz1xyUaj2L8lUDe4YHYo59FGyFlIRW/bP7E32VC6G1nJt8w3UHpw9DSq/U15WjzKIW2 X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?T3M2RGZrR0xuSTJJYkVIcnZRUHc4ZHFpT3QwUi9rUm9iaW1zV00yN2ZXd2Qy?= =?utf-8?B?Q2daQTlWaXp6dkZ0U2NzM1h6UFFiaXJxUlR3TXRzcFJMVDdMQTZHQzJ1S1FQ?= =?utf-8?B?NFBFdnh1R2pjdzA3L1dhWjViSzB4SUNHeVRRaHBqUFg2S0l2b09JZjJHSmE3?= =?utf-8?B?Q2NOQ0d0QnBGcWZXZTdXT1dyQ0o5L1NhemdLc1BiTmVZK1VVQUk5NmF6ZGdu?= =?utf-8?B?Z3FKOTJxc1ZHVWQxT3lUanh2YWJ0TCtpQzdlQUJwNVJqRmdzSkJpVUVFbXM1?= =?utf-8?B?Nnc2QjlsN1RPVFMyMTZhZkVkV3hIMkxIVmRXRTgra2RsVWVhUzVLY3pXelNH?= =?utf-8?B?bVBCNHJuMXkyZnJIdmN5UnlTQ1daQVdCbmw3VFB2SnkzbUszTWxjbDdpUUVO?= =?utf-8?B?WTErSTQzRGZBdjN3U1EzVjAvcnJ5UTlzRXVFejBYT1RKRzFGUjRqZkFJRlQz?= =?utf-8?B?VWxpT21RQkxSTEdKaDAyM0M1T2d0bDZYMkhINEthZEZJcWF6OHFEQVhGa1cv?= =?utf-8?B?Uno2ZEZINkl0ZUZIdDNQOWZuZzc3dVNZaXNhOWErSFBsUWZyZ2praGhpRXpu?= =?utf-8?B?UVoxWFBPNjdqNldTYysrWk1sVG1LRDBEU0dSb3R3MEpJTjc4NzBHMGN1ZWgx?= =?utf-8?B?b0JSSCtrekRLNmdYdEZUL3pnUlFnNDNmUDlTUzR4RDYzbmYzeEg4SjVTYXFO?= =?utf-8?B?N2FkWW40MXZhVG4rc01Od05ILzd5SStXZElDd3cxWlpBUzFOckc5U3N4L1Ur?= =?utf-8?B?UEw1ZHZCQ2UvWnNjMUJSSE9ZR3VKem41OVQ3dE9jNTBnTm96cHluNjRuV0Yr?= =?utf-8?B?blFOVitlNUpKMG5TYWp0R0JEMk9rT1ZLYlh1U1FVOFNuZXV2bmtHODVKcWhM?= =?utf-8?B?U1hOT3YrUlc5V2JvV2tTOW9uRDJkdEN6MmxDNUxzb2RwNmFLTEtZaWhQK01C?= =?utf-8?B?azBqT25hbUxpVmsrMjdUcmw3dmlqaW9ISENuNngyN0ppQW5QdXphTFFaRkF0?= =?utf-8?B?MkpHWDlycVI5LzBTNXF4S1o3Qy84WlMwdU1VWnVzd0ZORWFCS0p0TjZKU1hE?= =?utf-8?B?UStvenJTVTB6cnJrcGJ5Tys1ZFNzUXNDaW43U05OT2NxNFVoR0hCRGxKbENn?= =?utf-8?B?dmRXVHB0eHlDTitJRUxhZDNOTGtSSDV2VFlDamVqdXlJZUV4QS9ka1daMHND?= =?utf-8?B?c3FBMm1OOFMwTzhOc1IzVjVDSTZUbHRyKzBmblg5K1pBMXhxUWxITit2b0pE?= =?utf-8?B?ZnZJd2ZhbTZQU3QrSU9kbmJSUHR2RDBIRUF6UlZncTlsOTlDYzM5bkMzaW9p?= =?utf-8?B?b2d1M0dEU2gwaW5JaVFIaU5SQUlxNkM2RHBBSlF2cGx2cFJLTWdpS1AzTE9h?= =?utf-8?B?LzVucEVSZjFpTHgwaVgzZUROT3FXZW83ZWtFY28zNDNkSUU2RnhuNjNJdHo4?= =?utf-8?B?WHRhdVQ3RFVUN0xYVFA4bGcvV05tVVBoZlZMUUZPcE80K2JXczFyc1NlWFI2?= =?utf-8?B?VWtCWm9kZUUzU1RucC9CU0RxRmhoQU5sTnBMM25PeWNHQzZJUStYMUpKZ2FF?= =?utf-8?B?YUxJcldCOTJMVDdvd2FCY3E1M0E5OXI1U3NsYUp0a0k2dm9oYWtCeGJWcmg4?= =?utf-8?B?cjg5Y2o4SnRCTDQxRFVmMGJoTjZZQlByYUpPWU5zSTB2eFY1VmwzYU1nUHJD?= =?utf-8?B?T3FDMWxYWG1INFVraDZkK01rbG1wdmJxdzRoMGRnbG5wNWhJaTN4TEdnPT0=?= X-OriginatorOrg: outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ea82f7ce-c07c-42af-f0e0-08dc37c31ffb X-MS-Exchange-CrossTenant-AuthSource: AS8P250MB0744.EURP250.PROD.OUTLOOK.COM X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Feb 2024 18:37:17.7041 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM8P250MB0296 Subject: Re: [FFmpeg-devel] [PATCH 1/1] aacenc_pred: prevent UB in ff_aac_adjust_common_pred() X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: Sean McGovern: > --- > libavcodec/aacenc_pred.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/libavcodec/aacenc_pred.c b/libavcodec/aacenc_pred.c > index f87fcd5a00..d3efade85e 100644 > --- a/libavcodec/aacenc_pred.c > +++ b/libavcodec/aacenc_pred.c > @@ -162,9 +162,11 @@ void ff_aac_adjust_common_pred(AACEncContext *s, ChannelElement *cpe) > sce1->ics.window_sequence[0] == EIGHT_SHORT_SEQUENCE) > return; > > + const int num_swb = FFMIN(sce0->ics.num_swb, sizeof(sce0->ics.prediction_used)); > + > for (w = 0; w < sce0->ics.num_windows; w += sce0->ics.group_len[w]) { > start = 0; > - for (g = 0; g < sce0->ics.num_swb; g++) { > + for (g = 0; g < num_swb; g++) { > int sfb = w*16+g; > int sum = sce0->ics.prediction_used[sfb] + sce1->ics.prediction_used[sfb]; > float ener0 = 0.0f, ener1 = 0.0f, ener01 = 0.0f; As you can see, the actual index used for accesses is w*16 + g and not only g. So I was surprised that your fix fixed the test (as you claim). Digging into the code, num_windows can be either 1 or eight and it is only eight if window_sequence[0] is EIGHT_SHORT_SEQUENCE (see lines 477-488 in aacpsy.c as well as lines 877-897 in aacenc.c). In case window_sequence[0] is EIGHT_SHORT_SEQUENCE, we do not even enter this loop in ff_aac_adjust_common_pred(). This means that the outer loop above is actually not a loop at all and your fix would indeed fix the undefined behaviour. But this also shows that this whole code is a mess. Someone who actually knows it should take a look. Or maybe the grim reaper. Anyway, your fix would lead to a wdeclaration-after-statement warning. - Andreas _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".