On Mon, May 31, 2021 at 09:22:09AM +0200, Anton Khirnov wrote: > Quoting Michael Niedermayer (2021-05-28 22:15:51) > > Fixes: Ticket8003 > > Fixes: CVE-2020-20453 > > > > Signed-off-by: Michael Niedermayer <mich...@niedermayer.cc> > > --- > > libavcodec/aacenc.c | 3 ++- > > 1 file changed, 2 insertions(+), 1 deletion(-) > > > > diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c > > index aa223cf25f..e80591ba86 100644 > > --- a/libavcodec/aacenc.c > > +++ b/libavcodec/aacenc.c > > @@ -28,6 +28,7 @@ > > * TODOs: > > * add sane pulse detection > > ***********************************/ > > +#include <float.h> > > > > #include "libavutil/libm.h" > > #include "libavutil/float_dsp.h" > > @@ -852,7 +853,7 @@ static int aac_encode_frame(AVCodecContext *avctx, > > AVPacket *avpkt, > > /* Not so fast though */ > > ratio = sqrtf(ratio); > > } > > - s->lambda = FFMIN(s->lambda * ratio, 65536.f); > > + s->lambda = av_clipf(s->lambda * ratio, FLT_MIN, 65536.f); > > Would FLT_EPSILON not be more appropriate? IIUC FLT_MIN is still > effectively zero.
yes, i was just trying to eliminate the x/0. In theory, lambda = 0 or lambda = infinity is not semantically wrong, one would mean smallest file disregarding distortion the other lowest distortion disregarding size. I do not know what the intend of the author of the original code was But the places where divisions by lambda seem to happen semm all followed by cliping so i guess the minimum doesnt matter and all reasonable options will give the same result more or less. ill change it to FLT_EPSILON thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Rewriting code that is poorly written but fully understood is good. Rewriting code that one doesnt understand is a sign that one is less smart than the original author, trying to rewrite it will not make it better.
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
