On Tue, Aug 18, 2020 at 12:45:17PM +0300, Jan Ekström wrote: > On Sun, Aug 16, 2020 at 2:15 AM Michael Niedermayer > <mich...@niedermayer.cc> wrote: > > > > On Sat, Aug 01, 2020 at 02:07:30PM +0300, Jan Ekström wrote: > > > --- > > > libavcodec/aacdec_template.c | 89 +++++++++++++++++++++++++++++++----- > > > 1 file changed, 78 insertions(+), 11 deletions(-) > > > > > > diff --git a/libavcodec/aacdec_template.c b/libavcodec/aacdec_template.c > > > index 21db12fdab..8c5048cc13 100644 > > > --- a/libavcodec/aacdec_template.c > > > +++ b/libavcodec/aacdec_template.c 
> > > @@ -387,17 +387,77 @@ static uint64_t sniff_channel_order(uint8_t > > > (*layout_map)[3], int tags) > > > i++; > > > } > > > > > > - // Must choose a stable sort > > > + // The previous checks would end up at 8 at this point for 22.2 > > > + if (tags == 16 && i == 8) { > > > + e2c_vec[i] = (struct elem_to_channel) { > > > + .av_position = AV_CH_TOP_FRONT_CENTER, > > > + .syn_ele = layout_map[i][0], > > > + .elem_id = layout_map[i][1], > > > + .aac_position = layout_map[i][2] > > > + }; i++; > > > + i += assign_pair(e2c_vec, layout_map, i, > > > + AV_CH_TOP_FRONT_LEFT, > > > + AV_CH_TOP_FRONT_RIGHT, > > > + AAC_CHANNEL_FRONT); > > > + i += assign_pair(e2c_vec, layout_map, i, > > > + AV_CH_TOP_SIDE_LEFT, > > > + AV_CH_TOP_SIDE_RIGHT, > > > + AAC_CHANNEL_SIDE); > > > + e2c_vec[i] = (struct elem_to_channel) { > > > + .av_position = AV_CH_TOP_CENTER, > > > + .syn_ele = layout_map[i][0], > > > + .elem_id = layout_map[i][1], > > > + .aac_position = layout_map[i][2] > > > + }; i++; > > > + i += assign_pair(e2c_vec, layout_map, i, > > > + AV_CH_TOP_BACK_LEFT, > > > + AV_CH_TOP_BACK_RIGHT, > > > + AAC_CHANNEL_BACK); > > > + e2c_vec[i] = (struct elem_to_channel) { > > > + .av_position = AV_CH_TOP_BACK_CENTER, > > > + .syn_ele = layout_map[i][0], > > > > Does this code assume all types are CPE ? > > because if thats not true i can exceed the tags > > > > Sorry for responding late, I have been tired and didn't find a good > spot to write things down. > > No, it should not assume that all types are CPE. 22.2 utilizes both > CPE, SCE as well as LFE. The full definition of 22.2 was added in > 93a2913ac8a3aa25c05fd30036da89cb493e68ee with each coding element > being documented as it is in the spec. > > OK, then I did misunderstand what exactly the `tags` variable means > and how it can go over (if that is a problem other than 22.2 with more > coding elements than in standard samples not hitting this logic).
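Review bot: In the `tags == 16 && i == 8` branch, nothing checks `i` against `tags` after entry, yet every later `layout_map[i][...]` read and `e2c_vec[i]` write uses an `i` that has been advanced by `i++` and by whatever `assign_pair()` returns. The guard only establishes the element count and the position reached by the earlier checks, not that the remaining elements have the types this sequence expects, so a map that passes the guard but differs in element types can push `i` past `tags`. Either validate the expected 22.2 element sequence before entering the branch, or check `i < tags` before each assignment and bail out on mismatch. As a style point, `}; i++;` on one line hides the index advance; putting `i++;` on its own line would make the stepping easier to audit.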
The fuzzer found a case where the layout_map beyond tags seems to contain apparent bad values (different in each run and way too large); the code then eventually crashes.
I did not investigate this further as you seem to be actively working on 22.2. I think you already have some testcases, but I can provide the fuzzer testcase if you want another one.

Thx

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The worst form of inequality is to try to make unequal things equal.
-- Aristotle