[FFmpeg-devel] [PATCH 6/6] avfilter/af_surround: Check av_channel_layout_channel_from_index() stays within the fixed array used

Andreas Rheinhardt andreas.rheinhardt at outlook.com
Sun Jul 7 22:05:41 EEST 2024


Michael Niedermayer:
> Fixes: CID1516994 Out-of-bounds access
> Fixes: CID1516996 Out-of-bounds access
> Fixes: CID1516999 Out-of-bounds access
> 
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
>  libavfilter/af_surround.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/libavfilter/af_surround.c b/libavfilter/af_surround.c
> index e37dddc3614..fab39a37ea9 100644
> --- a/libavfilter/af_surround.c
> +++ b/libavfilter/af_surround.c
> @@ -269,6 +269,9 @@ static int config_output(AVFilterLink *outlink)
>  
>      for (int ch = 0; ch < outlink->ch_layout.nb_channels; ch++) {
>          float iscale = 1.f;
> +        const int chan = av_channel_layout_channel_from_index(&s->out_ch_layout, ch);
> +        if (chan >= FF_ARRAY_ELEMS(sc_map))
> +            return AVERROR_PATCHWELCOME;
>  
>          ret = av_tx_init(&s->irdft[ch], &s->itx_fn, AV_TX_FLOAT_RDFT,
>                           1, s->win_size, &iscale, 0);
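Review bot: The guard `if (chan >= FF_ARRAY_ELEMS(sc_map))` rejects a negative `chan` only through implicit conversion. `chan` is declared `const int`, while FF_ARRAY_ELEMS() is a sizeof-based unsigned value, so a negative `chan` is converted to a large unsigned number before the comparison. av_channel_layout_channel_from_index() returns AV_CHAN_NONE, which is negative, when the index does not map to a channel, so writing the test as `chan < 0 || chan >= FF_ARRAY_ELEMS(sc_map)` would state both bounds explicitly. The commit message lists only the Coverity CIDs; it should also say whether any output layout can actually yield a channel outside sc_map or whether the check is purely defensive, since that decides if AVERROR_PATCHWELCOME is the right return value.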

Can this happen?

- Andreas
