[FFmpeg-devel] [PATCH 1/3] aacsbr_fixed: avoid division by zero in sbr_gain_calc

Michael Niedermayer michael at niedermayer.cc
Wed Nov 11 23:19:11 CET 2015


On Wed, Nov 11, 2015 at 09:31:18PM +0100, Andreas Cadhalpun wrote:
> On 11.11.2015 14:55, Michael Niedermayer wrote:
> > On Sun, Nov 08, 2015 at 10:02:56PM +0100, Andreas Cadhalpun wrote:
> >> This fixes a SIGFPE crash in the aac_fixed decoder.
> >>
> >> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> >> ---
> >>  libavcodec/aacsbr_fixed.c | 4 ++--
> >>  1 file changed, 2 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/libavcodec/aacsbr_fixed.c b/libavcodec/aacsbr_fixed.c
> >> index f942d74..efe40f2 100644
> >> --- a/libavcodec/aacsbr_fixed.c
> >> +++ b/libavcodec/aacsbr_fixed.c
> >> @@ -434,8 +434,8 @@ static void sbr_gain_calc(AACContext *ac, SpectralBandReplication *sbr,
> >>                gain_max = FLOAT_100000;
> >>              for (m = sbr->f_tablelim[k] - sbr->kx[1]; m < sbr->f_tablelim[k + 1] - sbr->kx[1]; m++) {
> >>                  SoftFloat q_m_max = av_div_sf(
> >> -                                        av_mul_sf(sbr->q_m[e][m], gain_max),
> >> -                                        sbr->gain[e][m]);
> >> +                                        av_add_sf(FLOAT_EPSILON, av_mul_sf(sbr->q_m[e][m], gain_max)),
> >> +                                        av_add_sf(FLOAT_EPSILON, sbr->gain[e][m]));
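
Review bot: in the av_div_sf() call, FLOAT_EPSILON is added to both the numerator and the denominator unconditionally, so q_m_max can change for any m, not only when sbr->gain[e][m] is zero. An explicit zero check on sbr->gain[e][m] before the division, with a defined fallback value for q_m_max in that case, would leave the result untouched for nonzero gain and make the intent visible. If the epsilon approach stays, a comment at this line should say that it guards the division against a zero gain.
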
> > 
> > is gain == 0 here ?
> 
> Yes: sbr->gain[e][m] == {mant = 0, exp = -126}
> 
> > isn't that invalid ?
> 
> I'm not sure, but it can happen, when q_mapped is very small, which can be
> caused by noise_facs becoming tiny in sbr_dequant.
> That's kind of the opposite problem of 'envelope scalefactors overflowing'.

sbr_dequant() does not look like it can set noise_facs to 0
except by underflow of the exponent range

that "has" to be invalid as this depends on the implementation 

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

What does censorship reveal? It reveals fear. -- Julian Assange