[FFmpeg-devel] [PATCH] af_compand: fix invalid read
Andrew Kelley
superjoe30 at gmail.com
Tue Feb 25 10:37:26 CET 2014
This patch fixes http://trac.ffmpeg.org/ticket/3383
This patch is going into libav, but the devs had me squash it, so I extracted
it to be able to be merged cleanly into ffmpeg.
---
libavfilter/af_compand.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/libavfilter/af_compand.c b/libavfilter/af_compand.c
index a2f2bb7..29332a4 100644
--- a/libavfilter/af_compand.c
+++ b/libavfilter/af_compand.c
@@ -46,6 +46,7 @@ typedef struct CompandContext {
char *attacks, *decays, *points;
CompandSegment *segments;
ChanParam *channels;
+ int nb_segments;
double in_min_lin;
double out_min_lin;
double curve_dB;
@@ -160,11 +161,11 @@ static double get_volume(CompandContext *s, double in_lin)
in_log = log(in_lin);
- for (i = 1;; i++)
- if (in_log <= s->segments[i + 1].x)
+ for (i = 1; i < s->nb_segments; i++)
+ if (in_log <= s->segments[i].x)
break;
- cs = &s->segments[i];
+ cs = &s->segments[i - 1];
in_log -= cs->x;
out_log = cs->y + in_log * (cs->a * in_log + cs->b);
@@ -318,7 +319,8 @@ static int config_output(AVFilterLink *outlink)
uninit(ctx);
s->channels = av_mallocz_array(outlink->channels, sizeof(*s->channels));
- s->segments = av_mallocz_array((nb_points + 4) * 2, sizeof(*s->segments));
+ s->nb_segments = (nb_points + 4) * 2;
+ s->segments = av_mallocz_array(s->nb_segments, sizeof(*s->segments));
if (!s->channels || !s->segments)
return AVERROR(ENOMEM);
--
1.8.3.2
More information about the ffmpeg-devel
mailing list