From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.ffmpeg.org (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTPS id A6B454E252 for ; Thu, 15 Jan 2026 08:47:35 +0000 (UTC) Authentication-Results: ffbox; dkim=fail (body hash mismatch (got b'cvWCPWIVWdGoNzs0308tnV0jseGbShyLEFYu29UYUeQ=', expected b'ySgoYr6pLS2weR2PrCx6evpCLaoK8fKZb7Rb2YrlZ9w=')) header.d=googlemail.com header.a=rsa-sha256 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ffmpeg.org; i=@ffmpeg.org; q=dns/txt; s=mail; t=1768466841; h=mime-version : references : in-reply-to : date : message-id : to : reply-to : subject : list-id : list-archive : list-archive : list-help : list-owner : list-post : list-subscribe : list-unsubscribe : from : cc : content-type : content-transfer-encoding : from; bh=K5VKvEs8jHUz4yFXMVSmSw7W+bBqe6XaQaEJuw/o6jA=; b=hUP4aLWzON71NVWoqtIPyLIo1RpX9LO6m7Dv/nb/ecKbN9H/MOMhyqM6A2Lg7OVpHgQLS UW0FqzqhxZxOL45JtrOHQ/j2zcx1l8REMhThEV5XkMlxpb9zCcW/zSxGOVlYIxhW1Z1gM8I /UOzFuUBdSE6H6Enxjc+Aoa6R0A9+aObAwQnUrSdY8WL1K1EG0l4Ba4tSDgTtelYwYWHYR7 b7fVNOTgTeBDo4XDh67ce7BFcP1Cngy5+qNdA1FNdg8jIB2Zwzzqtyd8t04iW/7MFc0493u J+UlQEX35Rlf0ouKdL0+SyH722to3s7BiP7VCalep/93i6BABygd8TVjAOXA== Received: from [172.20.0.4] (unknown [172.20.0.4]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTP id 3C3ED690E2B; Thu, 15 Jan 2026 10:47:21 +0200 (EET) ARC-Seal: i=2; cv=pass; a=rsa-sha256; d=ffmpeg.org; s=arc; t=1768466819; b=eBS2cIq/TMebBx47thfQ7BdRaT2smEYzD7/TrUE3l9+b0SNfxLpgIqzopRXO8A2xp5617 Mpwm4driTESQVKMWbR8WaXtVuYT3MKCPpJUOQ5KUoujVVOugiGxolOFvp0tUHB9cZpDjLlM qjGDl7e4jIZyfzF50ZN0T30g0fMMtnuSwfbc+/7f7LrmZiqIVd3EGutvTJbCE9mNjewW/Ty 7oOdjexggQroWakydjcaUdcSW+EXbzLhE73dYF2R1eM5eEPAgFLNi+ndhB79dzDpHLVN5Tl 1KAr9kC2cvzNYQ3rwCDzGb0cmn07+O0O4Ja1zmq8svUFe5LwpFuEoDBwHPQw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=ffmpeg.org; s=arc; t=1768466819; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=cvWCPWIVWdGoNzs0308tnV0jseGbShyLEFYu29UYUeQ=; b=Z/SUtVElEJkxDph/+OzB6hThHWWD9t4ly9HMU2a+c1rqTg5Rob71hShUZaeoQgNn9WddR JecVS9koOj8qUMQe0UTP892uRjZCjS3/7kK7qG3DMqHOa1u0vWlODwbw8wS/Wxzm0npdJ0y 3BHjXAKv4JaYhJWO5CDNccWQb2UzyBMCs9GE6tVQBDHSlKjIdWUvcmBGhuqYufdnMg5yGrR jkOsqTCkVFjMK6ypVhU6BS41gWrqv0vOISJd9idII8llPMb3K/ezBXJJmBqr7cAXcSYmUP6 MdusXn0pVLMMYC2BPuiSQ8oFOUtMyO7M+HH9fVf7U3SIoWkfsxrFni8s5wxA== ARC-Authentication-Results: i=2; ffmpeg.org; dkim=pass header.d=googlemail.com; arc=pass; dmarc=pass header.from=googlemail.com policy.dmarc=quarantine Authentication-Results: ffmpeg.org; dkim=pass header.d=googlemail.com; arc=pass; dmarc=pass (Used From Domain Record) header.from=googlemail.com policy.dmarc=quarantine Received: from mail-yx1-f43.google.com (mail-yx1-f43.google.com [74.125.224.43]) by ffbox0-bg.ffmpeg.org (Postfix) with ESMTPS id 7376E690D9F for ; Thu, 15 Jan 2026 10:46:42 +0200 (EET) Received: by mail-yx1-f43.google.com with SMTP id 956f58d0204a3-64472121ad5so454274d50.0 for ; Thu, 15 Jan 2026 00:46:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1768466801; cv=none; d=google.com; s=arc-20240605; b=ELjS0YgEiwC4uWK8Y1w8T+jp2+HdVkd6bVC1dxWYNsNGwDgwqa8+MsjBq1J7Bxk3kp RZAm3ZJx61mqJPg417zjXuopQyMZujzFA18aMrvPJag+ewN8kgDkr1iT74bF/bhnn5BB Plw3sf88NZbjFoKIf4pZojeGkZYkOsN6CVaLUMUliudf5IPeuzlWCbkXBHYnAPrOKwgw 87+H0hVojq6GS9a7JPb8asu7Twd4c4nQr1Wn52vZelrkXokFQ2pGmigjcABkFgFhnMip a4o6If13jfN06G4jXLVxpPSQ0dGNe3IlOix8sHsTJ4zZwLeOHRM143pyJkY+ahkb0vgZ jRwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:dkim-signature; bh=ySgoYr6pLS2weR2PrCx6evpCLaoK8fKZb7Rb2YrlZ9w=; fh=VY5/xFH4wIfPcNK9U0j3NzAjIpShQSuqqOQh04l9OLI=; b=DiQvBobSA3mAdSwVFtTQa/xlk7gMSYkePZgOTccLb5so5v9g9bOU3PLQZ1XDQN054S LPE6CxXWlJMw1GqRmR6N7JmioqhFo9bRP7JcOYrzDx8l+Kr7irzr5m5+FmAX7QNQ1LE6 DyQ6ZW+9N9+didLIy/csiEeCIHfLcFK2h0110c4F6dZOlLbdFkf8n4bZaHiPnmmeGbHD Ym/NZ9Gz52VH5lXvSPlQuS45n2w3zKx1xOfBvtkVZtejsmEzW7Ku0RJaPF2FdSgV4CuE P2fuiqtqcbfE9bnSvaZzYDf2o138TvXMYme1H4HNl3QXVc1gQpzW9vWLjJ9T/gCAw6cK ra2Q==; darn=ffmpeg.org ARC-Authentication-Results: i=1; mx.google.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20230601; t=1768466801; x=1769071601; darn=ffmpeg.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ySgoYr6pLS2weR2PrCx6evpCLaoK8fKZb7Rb2YrlZ9w=; b=PFzCTmaNru7ZbAHVJLc2mpMn8fmKIOhja7OTnHFALT/euc+qttxmyWrj4ylFC4UCAb tKD30a9WQPC2Wid2Flj+JmAwmicNFVAHlpjs/AdzPlyF8Z9Fe1OFtk1+TJW2PeZ2BTkC vrUkCS8nusyjwlVL2r0Xqnl99K7XLZh/6wFifM9Pin4/deS7iGGcS/NQA2iDqIjit5zh e8dAD4uSVlflNbFChF2n5noSCBwUwa0Y6WBPKaMSGM4ZnwMdSt1eg4j1Jb8QzFgK/GAZ aR93M23cX//tKL3BSimCsk5L4GLRFh5KGpUQxddiqwqSmKJRybLLSZLU/d+8sxoAavmX 1xkw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1768466801; x=1769071601; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=ySgoYr6pLS2weR2PrCx6evpCLaoK8fKZb7Rb2YrlZ9w=; b=b5V/u5ijHwypMLPOXv7+Nb59NMc/tUkU+bN8D/NLndBfYgiY9X+ZOd8lFQiWfcTadY pKqk40tfXuayqsFwOvtmc2eWhi5+2AABamXUO5u/NhPKPRFjzMJa9lSYltEEN8GRYvQB hfy4Kwf9GMdKxIKqZDOhBRd83RpGTv8OrhgEu9sRlyX87GgKVZOCAHouOXlpKa2zOQhU DFtbRZI5wehk7gwE1Tk3I2QDCa/Ne9P3y1x8uOdO9y6egleYD2iiVnS2Xg1kUzpxfDO4 Ldcu2SX0ifJV4OFiK+2l5AdtFJ7aQHrk+0RlEgedYW0w75plilaQ2Qvts7wFn9lXcGII PZtw== X-Gm-Message-State: AOJu0YyHSaBAv/k827u2FnmkTcFAzLlMtREQL9xZJGFGwKzrZIbgs6JZ 8YfYUkRaUqpfiYDfaOn9fNySBoQmQHLgrUbKQQA+r80uYsdTNMtYYJu/jQmmlqdJ8pXkpNqnBUL WHCUF8xBN/zV3veGi45N6xy6z6wKoU+A8KeyU X-Gm-Gg: AY/fxX6QvxHUUH/mByCCcR1SeQNS82k6os2aNfcEEJGs4BnRa3Wp1lToawjsG22mj7h umw+klzYbPrGsio0YuckvQeFcOPv/hJisk1z9LaLl+cI3veUCx6ySLDTG23aMdbzGT4GmN1yVF2 3zPQ1RWx3UuGjEc3Yqh46OkNHwS1mqqgmW8OA6Mivx6DbcASufe0HBkQqj1phqoJGgcJCvEbyZu n27rTJz/cahQiiiqBTwiIfP7MaF4U8YoiYOSVDcwsAeLoahAwaM8yHDti4KoiW+7poyjmm2kA== X-Received: by 2002:a05:690e:1881:b0:646:7ad7:c85e with SMTP id 956f58d0204a3-64901b2cf3emr4260888d50.85.1768466800665; Thu, 15 Jan 2026 00:46:40 -0800 (PST) MIME-Version: 1.0 References: <176843651261.25.2084360299744095431@4457048688e7> In-Reply-To: <176843651261.25.2084360299744095431@4457048688e7> Date: Thu, 15 Jan 2026 02:46:29 -0600 X-Gm-Features: AZwV_Qir4wZAHzs5xQZwTnKQV8bXpTpde1fb59mAHffTeuUMTbBo7gohkEDgqb4 Message-ID: To: FFmpeg development discussions and patches Message-ID-Hash: M24VABXOAWUQJ3DKANNKMYGNBSOR6YUD X-Message-ID-Hash: M24VABXOAWUQJ3DKANNKMYGNBSOR6YUD X-MailFrom: SRS0=M3u5=7U=googlemail.com=kieran618@ffmpeg.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-ffmpeg-devel.ffmpeg.org-0; header-match-ffmpeg-devel.ffmpeg.org-1; header-match-ffmpeg-devel.ffmpeg.org-2; header-match-ffmpeg-devel.ffmpeg.org-3; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Content-Filtered-By: Mailman/MimeDel 3.3.10 X-Mailman-Version: 3.3.10 Precedence: list Reply-To: FFmpeg development discussions and patches Subject: [FFmpeg-devel] Re: [PR] lavc/aacdec_usac: fix CPE channel index in ff_aac_usac_reset_state() (PR #21469) List-Id: FFmpeg development discussions and patches Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: From: Kieran Kunhya via ffmpeg-devel Cc: ruikai , Kieran Kunhya Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Archived-At: List-Archive: List-Post: On Wed, 14 Jan 2026, 18:22 ruikai via ffmpeg-devel, wrote: > PR #21469 opened by ruikai > URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21469 > Patch URL: https://code.ffmpeg.org/FFmpeg/FFmpeg/pulls/21469.patch > > fix a simple index bug in ff_aac_usac_reset_state() > that writes past the end of ChannelElement.ch[2] for CPE > > ff_aac_usac_reset_state() loops over channels with j < ch, but > incorrectly takes &che->ch[ch]. For CPE (ch == 2) this becomes > che->ch[2], which is one past the end of ChannelElement.ch[2], and the > subsequent memset() causes an intra-object out-of-bounds write. > > index the channel element with the loop variable (j). > > > >From c8b8c41a6b2a3de017aaacb4cdc076cbd2cb8754 Mon Sep 17 00:00:00 2001 > From: Ruikai Peng > Date: Wed, 14 Jan 2026 19:16:43 -0500 > Subject: [PATCH] lavc/aacdec_usac: fix CPE channel index in > ff_aac_usac_reset_state() > > fix a simple index bug in ff_aac_usac_reset_state() > that writes past the end of ChannelElement.ch[2] for CPE > > ff_aac_usac_reset_state() loops over channels with j < ch, but > incorrectly takes &che->ch[ch]. For CPE (ch == 2) this becomes > che->ch[2], which is one past the end of ChannelElement.ch[2], and the > subsequent memset() causes an intra-object out-of-bounds write. > > index the channel element with the loop variable (j). > --- > libavcodec/aac/aacdec_usac.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/libavcodec/aac/aacdec_usac.c b/libavcodec/aac/aacdec_usac.c > index c4b821bbba..237a247d5b 100644 > --- a/libavcodec/aac/aacdec_usac.c > +++ b/libavcodec/aac/aacdec_usac.c > @@ -315,7 +315,7 @@ int ff_aac_usac_reset_state(AACDecContext *ac, > OutputConfiguration *oc) > ff_aac_sbr_config_usac(ac, che, e); > > for (int j = 0; j < ch; j++) { > - SingleChannelElement *sce = &che->ch[ch]; > + SingleChannelElement *sce = &che->ch[j]; > AACUsacElemData *ue = &sce->ue; > > memset(ue, 0, sizeof(*ue)); > -- > 2.49.1 > > _______________________________________________ > ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org > To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org LGTM > > _______________________________________________ ffmpeg-devel mailing list -- ffmpeg-devel@ffmpeg.org To unsubscribe send an email to ffmpeg-devel-leave@ffmpeg.org