On Tue, Dec 15, 2015 at 10:41:15PM +0100, Andreas Cadhalpun wrote: > On 15.12.2015 08:17, Anton Khirnov wrote: > > Can you share the sample that shows the problem? > > I could, but it's of no use for comparing with libopus, because their > decoder errors out in an unrelated check. > > > From what I can see, libopus does not do any clipping at that point, so > > something else must ensure that there is no overflow. > > Indeed, the real problem is just a silly typo... > It might have been caused by the fact that the specification uses > i and k in exactly the opposite way than the code. > > New patch attached. > > Best regards, > Andreas > >
> opus_silk.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > 253c6f7d87dcadf712840f45dde18f5698b9c1d4 > 0001-opus_silk-fix-typo-causing-overflow-in-silk_stabiliz.patch > From d3b2c24d391d7871b978b3372f0f740730996ded Mon Sep 17 00:00:00 2001 > From: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > Date: Tue, 15 Dec 2015 22:00:31 +0100 > Subject: [PATCH] opus_silk: fix typo causing overflow in silk_stabilize_lsf > > Due to this typo max_center can be too large, causing nlsf to be set to > too large values, which in turn can cause nlsf[i - 1] + min_delta[i] to > overflow to a negative value, which is not allowed for nlsf and can > cause an out of bounds read in silk_lsf2lpc. this looks nicer then the previous fixes thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Many things microsoft did are stupid, but not doing something just because microsoft did it is even more stupid. If everything ms did were stupid they would be bankrupt already.
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
