Re: [libav-devel] [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays

Mon, 26 Oct 2015 17:30:38 -0700 

On 27/10/15 00:09, Kieran Kunhya wrote:
> On 26 October 2015 at 22:48, Hendrik Leppkes <h.lepp...@gmail.com> wrote:
>> On Mon, Oct 26, 2015 at 11:29 PM, Kieran Kunhya <kier...@obe.tv> wrote:
>>> From a1314d5c9774d555718bbc0a8612144c890bbc59 Mon Sep 17 00:00:00 2001
>>> From: Kieran Kunhya <kier...@obe.tv>
>>> Date: Mon, 26 Oct 2015 22:26:35 +0000
>>> Subject: [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays
>>>
>>> Fixes crashes on fuzzed files
>>>
>>> ---
>>>  libavcodec/opusdec.c |    2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c
>>> index acae6e1..03dd872 100644
>>> --- a/libavcodec/opusdec.c
>>> +++ b/libavcodec/opusdec.c
>>> @@ -587,7 +587,7 @@ static int opus_decode_packet(AVCodecContext
>>> *avctx, void *data,
>>>              memset(frame->extended_data[i], 0, frame->linesize[0]);
>>>          }
>>>
>>> -        if (c->gain_i) {
>>> +        if (c->gain_i && decoded_samples >= 8) {
>>>              c->fdsp.vector_fmul_scalar((float*)frame->extended_data[i],
>>>                                         (float*)frame->extended_data[i],
>>>                                         c->gain, FFALIGN(decoded_samples, 
>>> 8));
>>
>>> 0 might be less arbitrary.
> 
> New version:
> 
> From 25edf86e35773d419b4bcc7aeeb7b96d0f1ef958 Mon Sep 17 00:00:00 2001
> From: Kieran Kunhya <kier...@obe.tv>
> Date: Mon, 26 Oct 2015 23:08:31 +0000
> Subject: [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays
> 
> Fixes crashes on fuzzed files
> ---
>  libavcodec/opusdec.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c
> index acae6e1..93c72c3 100644
> --- a/libavcodec/opusdec.c
> +++ b/libavcodec/opusdec.c
> @@ -587,7 +587,7 @@ static int opus_decode_packet(AVCodecContext
> *avctx, void *data,
>              memset(frame->extended_data[i], 0, frame->linesize[0]);
>          }
> 
> -        if (c->gain_i) {
> +        if (c->gain_i && decoded_samples > 0) {
>              c->fdsp.vector_fmul_scalar((float*)frame->extended_data[i],
>                                         (float*)frame->extended_data[i],
>                                         c->gain, FFALIGN(decoded_samples, 8));

Which is the range of valid values here?

lu
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel

Reply via email to