[FFmpeg-devel] [PATCH 6/6] avfilter/af_surround: Check av_channel_layout_channel_from_index() stays within the fixed array used
Andreas Rheinhardt
andreas.rheinhardt at outlook.com
Sun Jul 7 22:05:41 EEST 2024
Michael Niedermayer:
> Fixes: CID1516994 Out-of-bounds access
> Fixes: CID1516996 Out-of-bounds access
> Fixes: CID1516999 Out-of-bounds access
>
> Sponsored-by: Sovereign Tech Fund
> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> ---
> libavfilter/af_surround.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/libavfilter/af_surround.c b/libavfilter/af_surround.c
> index e37dddc3614..fab39a37ea9 100644
> --- a/libavfilter/af_surround.c
> +++ b/libavfilter/af_surround.c
> @@ -269,6 +269,9 @@ static int config_output(AVFilterLink *outlink)
>
> for (int ch = 0; ch < outlink->ch_layout.nb_channels; ch++) {
> float iscale = 1.f;
> + const int chan = av_channel_layout_channel_from_index(&s->out_ch_layout, ch);
> + if (chan >= FF_ARRAY_ELEMS(sc_map))
> + return AVERROR_PATCHWELCOME;
>
> ret = av_tx_init(&s->irdft[ch], &s->itx_fn, AV_TX_FLOAT_RDFT,
> 1, s->win_size, &iscale, 0);
Can this happen?
- Andreas
More information about the ffmpeg-devel
mailing list