[FFmpeg-cvslog] opus_silk: fix typo causing overflow in silk_stabilize_lsf
Andreas Cadhalpun
git at videolan.org
Thu Dec 17 21:14:51 CET 2015
ffmpeg | branch: release/2.8 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Tue Dec 15 22:00:31 2015 +0100| [796f1a24f59b55cebea779e8360a50f56f3f20fe] | committer: Andreas Cadhalpun
opus_silk: fix typo causing overflow in silk_stabilize_lsf
Due to this typo max_center can be too large, causing nlsf to be set to
too large values, which in turn can cause nlsf[i - 1] + min_delta[i] to
overflow to a negative value, which is not allowed for nlsf and can
cause an out of bounds read in silk_lsf2lpc.
Reviewed-by: Michael Niedermayer <michael at niedermayer.cc>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit f61d44b74aaae1d306d8a0d38b7b3d4292c89ced)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=796f1a24f59b55cebea779e8360a50f56f3f20fe
---
libavcodec/opus_silk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavcodec/opus_silk.c b/libavcodec/opus_silk.c
index 841d1ed..73526f9 100644
--- a/libavcodec/opus_silk.c
+++ b/libavcodec/opus_silk.c
@@ -824,7 +824,7 @@ static inline void silk_stabilize_lsf(int16_t nlsf[16], int order, const uint16_
/* upper extent */
for (i = order; i > k; i--)
- max_center -= min_delta[k];
+ max_center -= min_delta[i];
max_center -= min_delta[k] >> 1;
/* move apart */
More information about the ffmpeg-cvslog
mailing list