On Tue, Dec 15, 2015 at 01:15:58AM +0100, Andreas Cadhalpun wrote: > On 14.12.2015 23:14, Michael Niedermayer wrote: > > On Mon, Dec 14, 2015 at 08:43:38PM +0100, Andreas Cadhalpun wrote: > >> opus_silk.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > >> cc0c02e14c1bda0ab35813c8d4629e742af7d23f > >> 0001-opus_silk-fix-int16_t-overflow-in-silk_stabilize_lsf.patch > >> From 958789a66e6f55e05ab3d8e945b8ff899680c073 Mon Sep 17 00:00:00 2001 > >> From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > >> Date: Mon, 14 Dec 2015 20:31:41 +0100 > >> Subject: [PATCH] opus_silk: fix int16_t overflow in silk_stabilize_lsf > >> > >> nlsf[i - 1] + min_delta[i] can be larger than INT16_MAX, causing nlsf to > >> be set to a negative value. However, it is not supposed to be negative > >> and if it is, it causes an out of bounds read in silk_lsf2lpc. > >> > >> Since min_delta is unsigned, the overflow only happens when the result > >> of the addition is assigned to nlsf, so that the FFMIN solves the > >> problem. > >> > >> Even though the specification implies that the value of nlfs can be > >> larger than INT16_MAX at this intermediary point, it is reduced to the > >> int16_t range in the next loop, the result of which doesn't change if > >> the too large intermediary values are replaced by INT16_MAX. > >> > >> Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > >> --- > >> libavcodec/opus_silk.c | 2 +- > >> 1 file changed, 1 insertion(+), 1 deletion(-) > > > > should be ok > > I assume you don't mind the change to av_clip_int16, or do you?
no objections to av_clip_int16 [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB No snowflake in an avalanche ever feels responsible. -- Voltaire
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
