[FFmpeg-cvslog] avcodec/aacenc: Check all coefficients for finiteness

Michael Niedermayer git at videolan.org
Wed Jan 20 21:22:40 CET 2016


ffmpeg | branch: master | Michael Niedermayer <michael at niedermayer.cc> | Wed Jan 20 15:05:38 2016 +0100| [2cb8edea7c9af336f3fa60ac8a0f9b8a17e92188] | committer: Michael Niedermayer

avcodec/aacenc: Check all coefficients for finiteness

This is needed as near infinite values on the input side result in only some
output to be non finite.
Also it may still be insufficient if subsequent computations overflow

Fixes null pointer dereference
Fixes: ae66c0f6c12ac1cd5c2c237031240f57/signal_sigsegv_2618c99_9516_6007026f2185a26d7afea895fbed6e38.ogg

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Reviewed-by: Claudio Freire <klaussfreire at gmail.com>
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2cb8edea7c9af336f3fa60ac8a0f9b8a17e92188
---

 libavcodec/aacenc.c |   17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c
index fe54763..553a5ae 100644
--- a/libavcodec/aacenc.c
+++ b/libavcodec/aacenc.c
@@ -544,6 +544,7 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
         chans    = tag == TYPE_CPE ? 2 : 1;
         cpe      = &s->cpe[i];
         for (ch = 0; ch < chans; ch++) {
+            int k;
             float clip_avoidance_factor;
             sce = &cpe->ch[ch];
             ics = &sce->ics;
@@ -607,17 +608,11 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
                 s->mdct1024.mdct_calc(&s->mdct1024, sce->lcoeffs, sce->ret_buf);
             }
 
-            if (!(isfinite(cpe->ch[ch].coeffs[    0]) &&
-                  isfinite(cpe->ch[ch].coeffs[  128]) &&
-                  isfinite(cpe->ch[ch].coeffs[2*128]) &&
-                  isfinite(cpe->ch[ch].coeffs[3*128]) &&
-                  isfinite(cpe->ch[ch].coeffs[4*128]) &&
-                  isfinite(cpe->ch[ch].coeffs[5*128]) &&
-                  isfinite(cpe->ch[ch].coeffs[6*128]) &&
-                  isfinite(cpe->ch[ch].coeffs[7*128]))
-            ) {
-                av_log(avctx, AV_LOG_ERROR, "Input contains NaN/+-Inf\n");
-                return AVERROR(EINVAL);
+            for (k = 0; k < 1024; k++) {
+                if (!isfinite(cpe->ch[ch].coeffs[k])) {
+                    av_log(avctx, AV_LOG_ERROR, "Input contains NaN/+-Inf\n");
+                    return AVERROR(EINVAL);
+                }
             }
             avoid_clipping(s, sce);
         }



More information about the ffmpeg-cvslog mailing list