On 26 October 2015 at 22:48, Hendrik Leppkes <h.lepp...@gmail.com> wrote: > On Mon, Oct 26, 2015 at 11:29 PM, Kieran Kunhya <kier...@obe.tv> wrote: >> From a1314d5c9774d555718bbc0a8612144c890bbc59 Mon Sep 17 00:00:00 2001 >> From: Kieran Kunhya <kier...@obe.tv> >> Date: Mon, 26 Oct 2015 22:26:35 +0000 >> Subject: [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays >> >> Fixes crashes on fuzzed files >> >> --- >> libavcodec/opusdec.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c >> index acae6e1..03dd872 100644 >> --- a/libavcodec/opusdec.c >> +++ b/libavcodec/opusdec.c >> @@ -587,7 +587,7 @@ static int opus_decode_packet(AVCodecContext >> *avctx, void *data, >> memset(frame->extended_data[i], 0, frame->linesize[0]); >> } >> >> - if (c->gain_i) { >> + if (c->gain_i && decoded_samples >= 8) { >> c->fdsp.vector_fmul_scalar((float*)frame->extended_data[i], >> (float*)frame->extended_data[i], >> c->gain, FFALIGN(decoded_samples, >> 8)); > >> 0 might be less arbitrary.
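Review bot: on the `+` line of this first version, `decoded_samples >= 8` also skips the gain multiply for packets that decode 1 to 7 samples, even though the length argument `FFALIGN(decoded_samples, 8)` already rounds those counts up to 8. If the failure is only the zero-length case named in the subject line, guard on `decoded_samples > 0` so that short frames still have `c->gain` applied.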
New version: From 25edf86e35773d419b4bcc7aeeb7b96d0f1ef958 Mon Sep 17 00:00:00 2001 From: Kieran Kunhya <kier...@obe.tv> Date: Mon, 26 Oct 2015 23:08:31 +0000 Subject: [PATCH] opusdec: Don't run vector_fmul_scalar on zero length arrays Fixes crashes on fuzzed files --- libavcodec/opusdec.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libavcodec/opusdec.c b/libavcodec/opusdec.c index acae6e1..93c72c3 100644 --- a/libavcodec/opusdec.c +++ b/libavcodec/opusdec.c @@ -587,7 +587,7 @@ static int opus_decode_packet(AVCodecContext *avctx, void *data, memset(frame->extended_data[i], 0, frame->linesize[0]); } - if (c->gain_i) { + if (c->gain_i && decoded_samples > 0) { c->fdsp.vector_fmul_scalar((float*)frame->extended_data[i], (float*)frame->extended_data[i], c->gain, FFALIGN(decoded_samples, 8)); -- 1.7.9.5
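Review bot: on the `+` line the guard tests `decoded_samples`, but the length handed to `vector_fmul_scalar` is still `FFALIGN(decoded_samples, 8)`, so for a sample count that is not a multiple of 8 the multiply covers up to 7 floats past the decoded samples. Nothing in the hunk shows that `frame->extended_data[i]` is sized for the rounded-up length. A short comment above the `if`, stating that the buffer is padded to a multiple of 8 and that the function must not be called with length 0, would document both assumptions. The commit message could also say what kind of crash the fuzzed files triggered.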