[FFmpeg-devel] [libav-devel] [PATCH] opus_silk: fix out of array read in silk_lsf2lpc
michaelni at gmx.at
Wed Dec 16 02:02:41 CET 2015
On Tue, Dec 15, 2015 at 10:41:15PM +0100, Andreas Cadhalpun wrote:
> On 15.12.2015 08:17, Anton Khirnov wrote:
> > Can you share the sample that shows the problem?
> I could, but it's of no use for comparing with libopus, because their
> decoder errors out in an unrelated check.
> > From what I can see, libopus does not do any clipping at that point, so
> > something else must ensure that there is no overflow.
> Indeed, the real problem is just a silly typo...
> It might have been caused by the fact that the specification uses
> i and k in exactly the opposite way than the code.
> New patch attached.
> Best regards,
> opus_silk.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> 253c6f7d87dcadf712840f45dde18f5698b9c1d4 0001-opus_silk-fix-typo-causing-overflow-in-silk_stabiliz.patch
> From d3b2c24d391d7871b978b3372f0f740730996ded Mon Sep 17 00:00:00 2001
> From: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> Date: Tue, 15 Dec 2015 22:00:31 +0100
> Subject: [PATCH] opus_silk: fix typo causing overflow in silk_stabilize_lsf
> Due to this typo max_center can be too large, causing nlsf to be set to
> too large values, which in turn can cause nlsf[i - 1] + min_delta[i] to
> overflow to a negative value, which is not allowed for nlsf and can
> cause an out of bounds read in silk_lsf2lpc.
this looks nicer then the previous fixes
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many things microsoft did are stupid, but not doing something just because
microsoft did it is even more stupid. If everything ms did were stupid they
would be bankrupt already.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: Digital signature
More information about the ffmpeg-devel