[FFmpeg-cvslog] avfilter/af_tremolo: fix heap-buffer overflow

Paul B Mahol git at videolan.org
Wed May 4 21:29:52 EEST 2022


ffmpeg | branch: release/3.4 | Paul B Mahol <onemda at gmail.com> | Sat Oct 19 19:34:47 2019 +0200| [c5629402fa538e957e6e1d7d701ea199e78c36cc] | committer: Michael Niedermayer

avfilter/af_tremolo: fix heap-buffer overflow

Fixes #8317

(cherry picked from commit 58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=c5629402fa538e957e6e1d7d701ea199e78c36cc
---

 libavfilter/af_tremolo.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavfilter/af_tremolo.c b/libavfilter/af_tremolo.c
index 572e9e3b56..ebb7e71013 100644
--- a/libavfilter/af_tremolo.c
+++ b/libavfilter/af_tremolo.c
@@ -28,6 +28,7 @@ typedef struct TremoloContext {
     double freq;
     double depth;
     double *table;
+    int table_size;
     int index;
 } TremoloContext;
 
@@ -72,7 +73,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         dst += channels;
         src += channels;
         s->index++;
-        if (s->index >= inlink->sample_rate / s->freq)
+        if (s->index >= s->table_size)
             s->index = 0;
     }
 
@@ -125,11 +126,12 @@ static int config_input(AVFilterLink *inlink)
     const double offset = 1. - s->depth / 2.;
     int i;
 
-    s->table = av_malloc_array(inlink->sample_rate / s->freq, sizeof(*s->table));
+    s->table_size = inlink->sample_rate / s->freq;
+    s->table = av_malloc_array(s->table_size, sizeof(*s->table));
     if (!s->table)
         return AVERROR(ENOMEM);
 
-    for (i = 0; i < inlink->sample_rate / s->freq; i++) {
+    for (i = 0; i < s->table_size; i++) {
         double env = s->freq * i / inlink->sample_rate;
         env = sin(2 * M_PI * fmod(env + 0.25, 1.0));
         s->table[i] = env * (1 - fabs(offset)) + offset;



More information about the ffmpeg-cvslog mailing list