* [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
@ 2024-07-02 18:38 Marvin Scholz
2024-07-06 9:26 ` Stefano Sabatini
0 siblings, 1 reply; 4+ messages in thread
From: Marvin Scholz @ 2024-07-02 18:38 UTC (permalink / raw)
To: ffmpeg-devel
An incorrect calculation in ff_perlin_init causes a write to the
stack array at index 256, which is out of bounds.
Fixes: CID1608711
---
libavfilter/perlin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
index 09bae7ad33..ffad8c1e4e 100644
--- a/libavfilter/perlin.c
+++ b/libavfilter/perlin.c
@@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
for (i = 0; i < 256; i++) {
unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
uint8_t random_val = random_permutations[random_idx];
- random_permutations[random_idx] = random_permutations[256-i];
+ random_permutations[random_idx] = random_permutations[255-i];
perlin->permutations[i] = perlin->permutations[i+256] = random_val;
}
base-commit: e783e45e29e78616debba7f6d1fe6e54dc336496
--
2.39.3 (Apple Git-146)
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
2024-07-02 18:38 [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write Marvin Scholz
@ 2024-07-06 9:26 ` Stefano Sabatini
2024-07-09 12:41 ` epirat07
0 siblings, 1 reply; 4+ messages in thread
From: Stefano Sabatini @ 2024-07-06 9:26 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On date Tuesday 2024-07-02 20:38:00 +0200, Marvin Scholz wrote:
> An incorrect calculation in ff_perlin_init causes a write to the
> stack array at index 256, which is out of bounds.
>
> Fixes: CID1608711
> ---
> libavfilter/perlin.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
> index 09bae7ad33..ffad8c1e4e 100644
> --- a/libavfilter/perlin.c
> +++ b/libavfilter/perlin.c
> @@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
> for (i = 0; i < 256; i++) {
> unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
> uint8_t random_val = random_permutations[random_idx];
> - random_permutations[random_idx] = random_permutations[256-i];
> + random_permutations[random_idx] = random_permutations[255-i];
>
> perlin->permutations[i] = perlin->permutations[i+256] = random_val;
> }
Looks good, thanks.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
2024-07-06 9:26 ` Stefano Sabatini
@ 2024-07-09 12:41 ` epirat07
2024-07-10 16:19 ` Michael Niedermayer
0 siblings, 1 reply; 4+ messages in thread
From: epirat07 @ 2024-07-09 12:41 UTC (permalink / raw)
To: FFmpeg development discussions and patches
On 6 Jul 2024, at 11:26, Stefano Sabatini wrote:
> On date Tuesday 2024-07-02 20:38:00 +0200, Marvin Scholz wrote:
>> An incorrect calculation in ff_perlin_init causes a write to the
>> stack array at index 256, which is out of bounds.
>>
>> Fixes: CID1608711
>> ---
>> libavfilter/perlin.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
>> index 09bae7ad33..ffad8c1e4e 100644
>> --- a/libavfilter/perlin.c
>> +++ b/libavfilter/perlin.c
>> @@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
>> for (i = 0; i < 256; i++) {
>> unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
>> uint8_t random_val = random_permutations[random_idx];
>> - random_permutations[random_idx] = random_permutations[256-i];
>> + random_permutations[random_idx] = random_permutations[255-i];
>>
>> perlin->permutations[i] = perlin->permutations[i+256] = random_val;
>> }
>
> Looks good, thanks.
Please push then, I do not have commit access.
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
2024-07-09 12:41 ` epirat07
@ 2024-07-10 16:19 ` Michael Niedermayer
0 siblings, 0 replies; 4+ messages in thread
From: Michael Niedermayer @ 2024-07-10 16:19 UTC (permalink / raw)
To: FFmpeg development discussions and patches
[-- Attachment #1.1: Type: text/plain, Size: 1669 bytes --]
On Tue, Jul 09, 2024 at 02:41:16PM +0200, epirat07@gmail.com wrote:
>
>
> On 6 Jul 2024, at 11:26, Stefano Sabatini wrote:
>
> > On date Tuesday 2024-07-02 20:38:00 +0200, Marvin Scholz wrote:
> >> An incorrect calculation in ff_perlin_init causes a write to the
> >> stack array at index 256, which is out of bounds.
> >>
> >> Fixes: CID1608711
> >> ---
> >> libavfilter/perlin.c | 2 +-
> >> 1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
> >> index 09bae7ad33..ffad8c1e4e 100644
> >> --- a/libavfilter/perlin.c
> >> +++ b/libavfilter/perlin.c
> >> @@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
> >> for (i = 0; i < 256; i++) {
> >> unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
> >> uint8_t random_val = random_permutations[random_idx];
> >> - random_permutations[random_idx] = random_permutations[256-i];
> >> + random_permutations[random_idx] = random_permutations[255-i];
> >>
> >> perlin->permutations[i] = perlin->permutations[i+256] = random_val;
> >> }
> >
> > Looks good, thanks.
>
> Please push then, I do not have commit access.
applied
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Awnsering whenever a program halts or runs forever is
On a turing machine, in general impossible (turings halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]
[-- Attachment #2: Type: text/plain, Size: 251 bytes --]
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2024-07-10 16:19 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-07-02 18:38 [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write Marvin Scholz
2024-07-06 9:26 ` Stefano Sabatini
2024-07-09 12:41 ` epirat07
2024-07-10 16:19 ` Michael Niedermayer
Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
ffmpegdev@gitmailbox.com
public-inbox-index ffmpegdev
Example config snippet for mirrors.
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git