[FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed

* [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
@ 2024-07-02 18:38 Marvin Scholz
  2024-07-06  9:26 ` Stefano Sabatini
  0 siblings, 1 reply; 4+ messages in thread
From: Marvin Scholz @ 2024-07-02 18:38 UTC (permalink / raw)
  To: ffmpeg-devel

An incorrect calculation in ff_perlin_init causes a write to the
stack array at index 256, which is out of bounds.

Fixes: CID1608711
---
 libavfilter/perlin.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
index 09bae7ad33..ffad8c1e4e 100644
--- a/libavfilter/perlin.c
+++ b/libavfilter/perlin.c
@@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
         for (i = 0; i < 256; i++) {
             unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
             uint8_t random_val = random_permutations[random_idx];
-            random_permutations[random_idx] = random_permutations[256-i];
+            random_permutations[random_idx] = random_permutations[255-i];
 
             perlin->permutations[i] = perlin->permutations[i+256] = random_val;
         }

base-commit: e783e45e29e78616debba7f6d1fe6e54dc336496
-- 
2.39.3 (Apple Git-146)
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
  2024-07-02 18:38 [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write Marvin Scholz
@ 2024-07-06  9:26 ` Stefano Sabatini
  2024-07-09 12:41   ` epirat07
  0 siblings, 1 reply; 4+ messages in thread
From: Stefano Sabatini @ 2024-07-06  9:26 UTC (permalink / raw)
  To: FFmpeg development discussions and patches

On date Tuesday 2024-07-02 20:38:00 +0200, Marvin Scholz wrote:
> An incorrect calculation in ff_perlin_init causes a write to the
> stack array at index 256, which is out of bounds.
> 
> Fixes: CID1608711
> ---
>  libavfilter/perlin.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
> index 09bae7ad33..ffad8c1e4e 100644
> --- a/libavfilter/perlin.c
> +++ b/libavfilter/perlin.c
> @@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
>          for (i = 0; i < 256; i++) {
>              unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
>              uint8_t random_val = random_permutations[random_idx];
> -            random_permutations[random_idx] = random_permutations[256-i];
> +            random_permutations[random_idx] = random_permutations[255-i];
>  
>              perlin->permutations[i] = perlin->permutations[i+256] = random_val;
>          }

Looks good, thanks.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
  2024-07-06  9:26 ` Stefano Sabatini
@ 2024-07-09 12:41   ` epirat07
  2024-07-10 16:19     ` Michael Niedermayer
  0 siblings, 1 reply; 4+ messages in thread
From: epirat07 @ 2024-07-09 12:41 UTC (permalink / raw)
  To: FFmpeg development discussions and patches



On 6 Jul 2024, at 11:26, Stefano Sabatini wrote:

> On date Tuesday 2024-07-02 20:38:00 +0200, Marvin Scholz wrote:
>> An incorrect calculation in ff_perlin_init causes a write to the
>> stack array at index 256, which is out of bounds.
>>
>> Fixes: CID1608711
>> ---
>>  libavfilter/perlin.c | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
>> index 09bae7ad33..ffad8c1e4e 100644
>> --- a/libavfilter/perlin.c
>> +++ b/libavfilter/perlin.c
>> @@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
>>          for (i = 0; i < 256; i++) {
>>              unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
>>              uint8_t random_val = random_permutations[random_idx];
>> -            random_permutations[random_idx] = random_permutations[256-i];
>> +            random_permutations[random_idx] = random_permutations[255-i];
>>
>>              perlin->permutations[i] = perlin->permutations[i+256] = random_val;
>>          }
>
> Looks good, thanks.

Please push then, I do not have commit access.

> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel@ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
  2024-07-09 12:41   ` epirat07
@ 2024-07-10 16:19     ` Michael Niedermayer
  0 siblings, 0 replies; 4+ messages in thread
From: Michael Niedermayer @ 2024-07-10 16:19 UTC (permalink / raw)
  To: FFmpeg development discussions and patches


[-- Attachment #1.1: Type: text/plain, Size: 1669 bytes --]

On Tue, Jul 09, 2024 at 02:41:16PM +0200, epirat07@gmail.com wrote:
> 
> 
> On 6 Jul 2024, at 11:26, Stefano Sabatini wrote:
> 
> > On date Tuesday 2024-07-02 20:38:00 +0200, Marvin Scholz wrote:
> >> An incorrect calculation in ff_perlin_init causes a write to the
> >> stack array at index 256, which is out of bounds.
> >>
> >> Fixes: CID1608711
> >> ---
> >>  libavfilter/perlin.c | 2 +-
> >>  1 file changed, 1 insertion(+), 1 deletion(-)
> >>
> >> diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
> >> index 09bae7ad33..ffad8c1e4e 100644
> >> --- a/libavfilter/perlin.c
> >> +++ b/libavfilter/perlin.c
> >> @@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
> >>          for (i = 0; i < 256; i++) {
> >>              unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
> >>              uint8_t random_val = random_permutations[random_idx];
> >> -            random_permutations[random_idx] = random_permutations[256-i];
> >> +            random_permutations[random_idx] = random_permutations[255-i];
> >>
> >>              perlin->permutations[i] = perlin->permutations[i+256] = random_val;
> >>          }
> >
> > Looks good, thanks.
> 
> Please push then, I do not have commit access.

applied

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Awnsering whenever a program halts or runs forever is
On a turing machine, in general impossible (turings halting problem).
On any real computer, always possible as a real computer has a finite number
of states N, and will either halt in less than N cycles or never halt.

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2024-07-10 16:19 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-07-02 18:38 [FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write Marvin Scholz
2024-07-06  9:26 ` Stefano Sabatini
2024-07-09 12:41   ` epirat07
2024-07-10 16:19     ` Michael Niedermayer

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git