Date: Sun, 7 Jul 2024 23:28:54 -0300
To: ffmpeg-devel@ffmpeg.org
References: <20240707184729.3525852-1-michael@niedermayer.cc> <20240707184729.3525852-6-michael@niedermayer.cc> <20240707215917.GT4991@pb2>
From: James Almer
In-Reply-To: <20240707215917.GT4991@pb2>
Subject: Re: [FFmpeg-devel] [PATCH 6/6] avfilter/af_surround: Check av_channel_layout_channel_from_index() stays within the fixed array used

On 7/7/2024 6:59 PM, Michael Niedermayer wrote:
> On Sun, Jul 07, 2024 at 09:12:06PM +0200, Andreas Rheinhardt wrote:
>> Andreas Rheinhardt:
>>> Michael Niedermayer:
>>>> Fixes: CID1516994 Out-of-bounds access
>>>> Fixes: CID1516996 Out-of-bounds access
>>>> Fixes: CID1516999 Out-of-bounds access
>>>>
>>>> Sponsored-by: Sovereign Tech Fund
>>>> Signed-off-by: Michael Niedermayer
>>>> ---
>>>>  libavfilter/af_surround.c | 3 +++
>>>>  1 file changed, 3 insertions(+)
>>>>
>>>> diff --git a/libavfilter/af_surround.c b/libavfilter/af_surround.c
>>>> index e37dddc3614..fab39a37ea9 100644
>>>> --- a/libavfilter/af_surround.c
>>>> +++ b/libavfilter/af_surround.c
>>>> @@ -269,6 +269,9 @@ static int config_output(AVFilterLink *outlink)
>>>>
>>>>      for (int ch = 0; ch < outlink->ch_layout.nb_channels; ch++) {
>>>>          float iscale = 1.f;
>>>> +        const int chan = av_channel_layout_channel_from_index(&s->out_ch_layout, ch);
>>>> +        if (chan >= FF_ARRAY_ELEMS(sc_map))
>>>> +            return AVERROR_PATCHWELCOME;
>>>>
>>>>          ret = av_tx_init(&s->irdft[ch], &s->itx_fn, AV_TX_FLOAT_RDFT,
>>>>                           1, s->win_size, &iscale, 0);
>>>
>>> Can this happen?
>
> IMHO, this doesn't matter. A filter that depends on an audio channel layout
> API from another lib cannot depend on its implementation but just the
> public API/ABI
> So even if the av_channel_layout_* API didn't allow us to set such layout
> today we would need to check for it
>
> now can this happen?
> try this:
>
> ./ffmpeg -i matrixbench_mpeg2.mpg -af surround=chl_out="123456789" -f null -
>
> I get a
> Segmentation fault (core dumped)
>
> and it doesn't segfault after the patch

This is (probably) a regression since 66afa361e816. Maybe an output layout
sanity check should be added back to init() in some form instead, to return
EINVAL after an "Unsupported upmix" warning message is printed, like it used
to be the case.
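Review bot: the bound `if (chan >= FF_ARRAY_ELEMS(sc_map))` only rejects a negative `chan` (`av_channel_layout_channel_from_index()` returns `AV_CHAN_NONE`, i.e. -1, for an invalid index) because the `int` is implicitly converted to the `size_t` that the sizeof-based `FF_ARRAY_ELEMS` yields; write it as `if (chan < 0 || chan >= FF_ARRAY_ELEMS(sc_map))` so the intent is visible and survives a signedness change on either side. The early `return AVERROR_PATCHWELCOME` also prints nothing, so a user who hits it sees a bare failure with no hint of which output channel was refused; an av_log() error naming the channel, along the lines of the "Unsupported upmix" message discussed in the thread, would make the rejection diagnosable.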
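As an added example (not FFmpeg's code and not from this thread), the defensive pattern the patch and the reply are about, in self-contained C: a channel id obtained from a layout API is validated against the fixed table before it is ever used as an index, and the filter fails with EINVAL after a warning instead of trusting the value. Everything here is a constructed stand-in: `sc_map`, `layout_t`, `channel_from_index()`, `layout_from_digits()`, `validate_output_layout()` and `ARRAY_ELEMS` (which mirrors the sizeof-based shape of `FF_ARRAY_ELEMS`). `channel_from_index()` only copies the documented contract of `av_channel_layout_channel_from_index()` (a channel id, or `AV_CHAN_NONE`, which is -1, for an invalid index), and `layout_from_digits()` is a toy parser that is not how the filter's `chl_out` option is parsed; it exists only to produce channel ids beyond the table, as the reproduction in the thread does.

```c
/* Added example, not FFmpeg code. All names below are constructed stand-ins
 * for the af_surround pattern discussed in the thread. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as FF_ARRAY_ELEMS: a size_t, so an int compared against it is
 * converted to unsigned. We still test chan < 0 explicitly below. */
#define ARRAY_ELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed stand-in for the filter's fixed per-channel table: one entry
 * per channel id the filter knows how to synthesize (ids 0..7 only). */
static const float sc_map[8] = { 1.0f, 1.0f, 0.7f, 0.5f, 0.7f, 0.7f, 0.5f, 0.5f };

/* Constructed layout: bit i of mask set means channel id i is present. */
typedef struct { uint64_t mask; int nb_channels; } layout_t;

/* Mimics the documented contract of av_channel_layout_channel_from_index():
 * the id of the idx-th set bit, or -1 (AV_CHAN_NONE) for an invalid index.
 * Note the id can legitimately be far larger than the table holds. */
static int channel_from_index(const layout_t *l, int idx)
{
    int seen = 0;
    if (idx < 0 || idx >= l->nb_channels)
        return -1;
    for (int id = 0; id < 64; id++) {
        if (l->mask & ((uint64_t)1 << id)) {
            if (seen == idx)
                return id;
            seen++;
        }
    }
    return -1;
}

/* Toy parser: each decimal digit is a channel id. Not the filter's chl_out
 * syntax; it only serves to build layouts with ids beyond sc_map. */
static layout_t layout_from_digits(const char *s)
{
    layout_t l = { 0, 0 };
    for (; *s; s++) {
        if (*s < '0' || *s > '9')
            continue;
        uint64_t bit = (uint64_t)1 << (*s - '0');
        if (!(l.mask & bit)) {
            l.mask |= bit;
            l.nb_channels++;
        }
    }
    return l;
}

/* The up-front sanity check: every output channel id must have an entry in
 * sc_map. Rejects both the -1 sentinel and ids past the end, logs why, and
 * returns -EINVAL so later loops may index sc_map without further checks. */
static int validate_output_layout(const layout_t *l)
{
    for (int ch = 0; ch < l->nb_channels; ch++) {
        const int chan = channel_from_index(l, ch);
        if (chan < 0 || (size_t)chan >= ARRAY_ELEMS(sc_map)) {
            fprintf(stderr, "Unsupported upmix: channel id %d at index %d "
                            "has no entry in sc_map (%zu entries)\n",
                    chan, ch, ARRAY_ELEMS(sc_map));
            return -EINVAL;
        }
    }
    return 0;
}

/* Convenience wrappers taking the digit string directly. */
static int validate_digits(const char *s)
{
    layout_t l = layout_from_digits(s);
    return validate_output_layout(&l);
}

/* Sum of per-channel gains; indexes sc_map only after validation passed.
 * Returns -1.0f for a rejected layout. */
static float total_gain_digits(const char *s)
{
    layout_t l = layout_from_digits(s);
    float g = 0.f;
    if (validate_output_layout(&l) < 0)
        return -1.f;
    for (int ch = 0; ch < l.nb_channels; ch++)
        g += sc_map[channel_from_index(&l, ch)];
    return g;
}

int main(void)
{
    printf("0123      -> %d, gain %.1f\n", validate_digits("0123"), total_gain_digits("0123"));
    printf("123456789 -> %d (EINVAL is %d)\n", validate_digits("123456789"), -EINVAL);
    return 0;
}
```

The check lives in one place and runs before any per-channel resource is set up, which is the init()-time placement suggested in the reply; the explicit `chan < 0` test documents that the sentinel is handled on purpose rather than by the int-to-size_t conversion the `>=` comparison happens to perform.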