[FFmpeg-devel] [PATCH] avfft: avoid overreads with RDFT API users
Matthieu Bouron
matthieu.bouron at gmail.com
Fri Feb 9 21:18:38 EET 2024
On Fri, Feb 09, 2024 at 06:27:50PM +0100, Lynne wrote:
> The new API requires an extra array member at the very end,
> which old API users did not do.
>
> This disables in-place RDFT transforms and instead
> does the transform out of place by copying once, there shouldn't
> be a significant loss of speed as our in-place FFT requires a reorder
> which is likely more expensive in the majority of cases to do.
>
> Patch attached.
>
> From 763f2e8941dc3dd4282ad42574bd8d451a256a53 Mon Sep 17 00:00:00 2001
> From: Lynne <dev at lynne.ee>
> Date: Fri, 9 Feb 2024 18:17:54 +0100
> Subject: [PATCH] avfft: avoid overreads with RDFT API users
>
> The new API requires an extra array member at the very end,
> which old API users did not do.
>
> This disables in-place RDFT transforms and instead
> does the transform out of place by copying once, there shouldn't
> be a significant loss of speed as our in-place FFT requires a reorder
> which is likely more expensive in the majority of cases to do.
> ---
> libavcodec/avfft.c | 31 +++++++++++++++++++++++++------
> 1 file changed, 25 insertions(+), 6 deletions(-)
>
> diff --git a/libavcodec/avfft.c b/libavcodec/avfft.c
> index 999b5ed79a..485f216427 100644
> --- a/libavcodec/avfft.c
> +++ b/libavcodec/avfft.c
> @@ -152,7 +152,7 @@ RDFTContext *av_rdft_init(int nbits, enum RDFTransformType trans)
> return NULL;
>
> ret = av_tx_init(&s->ctx, &s->fn, AV_TX_FLOAT_RDFT, trans == IDFT_C2R,
> - 1 << nbits, &scale, AV_TX_INPLACE);
> + 1 << nbits, &scale, 0x0);
> if (ret < 0) {
> av_free(s);
> return NULL;
> @@ -162,17 +162,35 @@ RDFTContext *av_rdft_init(int nbits, enum RDFTransformType trans)
> s->len = 1 << nbits;
> s->inv = trans == IDFT_C2R;
>
> + s->tmp = av_malloc((s->len + 2)*sizeof(float));
> + if (!s->tmp) {
> + av_tx_uninit(&s->ctx);
> + av_free(s);
> + return NULL;
> + }
> +
> return (RDFTContext *)s;
> }
>
> void av_rdft_calc(RDFTContext *s, FFTSample *data)
> {
> AVTXWrapper *w = (AVTXWrapper *)s;
> - if (w->inv)
> - FFSWAP(float, data[1], data[w->len]);
> - w->fn(w->ctx, data, (void *)data, w->stride);
> - if (!w->inv)
> - FFSWAP(float, data[1], data[w->len]);
> + float *src = w->inv ? w->tmp : (float *)data;
> + float *dst = w->inv ? (float *)data : w->tmp;
> +
> + if (w->inv) {
> + memcpy(src, data, w->len*sizeof(float));
> +
> + src[w->len] = src[1];
> + src[1] = 0.0f;
> + }
> +
> + w->fn(w->ctx, dst, (void *)src, w->stride);
> +
> + if (!w->inv) {
> + dst[1] = dst[w->len];
> + memcpy(data, dst, w->len*sizeof(float));
> + }
> }
>
> av_cold void av_rdft_end(RDFTContext *s)
> @@ -180,6 +198,7 @@ av_cold void av_rdft_end(RDFTContext *s)
> if (s) {
> AVTXWrapper *w = (AVTXWrapper *)s;
> av_tx_uninit(&w->ctx);
> + av_free(&w->tmp);
av_free(w->tmp);
> av_free(w);
> }
> }
> --
> 2.43.0.381.gb435a96ce8
>
Hi,
I tested the patch with the av_free() adjustment and it fixed the crash /
memory corruption I was encountering on macOS.
Thanks,
Matthieu
More information about the ffmpeg-devel
mailing list