[FFmpeg-cvslog] avfilter/af_aiir: do not crash with invalid options

Paul B Mahol git at videolan.org
Fri Jan 5 20:58:45 EET 2018 

ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Fri Jan  5 19:55:09 2018 +0100| [52c959a2376614e4c9089145b8ee69334b663257] | committer: Paul B Mahol

avfilter/af_aiir: do not crash with invalid options

Signed-off-by: Paul B Mahol <onemda at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=52c959a2376614e4c9089145b8ee69334b663257
---

 libavfilter/af_aiir.c | 26 +++++++++++++++++++++++---
 1 file changed, 23 insertions(+), 3 deletions(-)

diff --git a/libavfilter/af_aiir.c b/libavfilter/af_aiir.c
index 29010bde29..e14e464211 100644
--- a/libavfilter/af_aiir.c
+++ b/libavfilter/af_aiir.c
@@ -127,6 +127,9 @@ static void count_coefficients(char *item_str, int *nb_items)
 {
     char *p;
 
+    if (!item_str)
+        return;
+
     *nb_items = 1;
     for (p = item_str; *p && *p != '|'; p++) {
         if (*p == ' ')
@@ -170,10 +173,14 @@ static int read_channels(AVFilterContext *ctx, int channels, uint8_t *item_str,
         if (!(arg = av_strtok(p, "|", &saveptr)))
             arg = prev_arg;
 
-        p = NULL;
+        if (!arg)
+            return AVERROR(EINVAL);
+
         count_coefficients(arg, &nb[i]);
-        cache[i] = av_calloc(nb[i], sizeof(cache[i]));
-        c[i] = av_calloc(nb[i], sizeof(c[i]));
+
+        p = NULL;
+        cache[i] = av_calloc(nb[i] + 1, sizeof(double));
+        c[i] = av_calloc(nb[i], sizeof(double));
         if (!c[i] || !cache[i])
             return AVERROR(ENOMEM);
 
@@ -263,6 +270,18 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
     return ff_filter_frame(outlink, out);
 }
 
+static av_cold int init(AVFilterContext *ctx)
+{
+    AudioIIRContext *s = ctx->priv;
+
+    if (!s->a_str || !s->b_str) {
+        av_log(ctx, AV_LOG_ERROR, "Valid coefficients are mandatory.\n");
+        return AVERROR(EINVAL);
+    }
+
+    return 0;
+}
+
 static av_cold void uninit(AVFilterContext *ctx)
 {
     AudioIIRContext *s = ctx->priv;
@@ -326,6 +345,7 @@ AVFilter ff_af_aiir = {
     .name          = "aiir",
     .description   = NULL_IF_CONFIG_SMALL("Apply Infinite Impulse Response filter with supplied coefficients."),
     .priv_size     = sizeof(AudioIIRContext),
+    .init          = init,
     .uninit        = uninit,
     .query_formats = query_formats,
     .inputs        = inputs,

More information about the ffmpeg-cvslog mailing list