[FFmpeg-trac] #7995(undetermined:new): Division by zero at libavcodec/aacpsy.c:797:29
FFmpeg
trac at avcodec.org
Thu Jul 4 10:52:57 EEST 2019
#7995: Division by zero at libavcodec/aacpsy.c:797:29
-------------------------------------+-------------------------------------
             Reporter:  Suhwan       |                     Type:  defect
               Status:  new          |                 Priority:  normal
            Component:  undetermined |                  Version:  git-master
             Keywords:  ubsan asan   |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Summary of the bug:
There's a division by zero at libavcodec/aacpsy.c:797:29, and this also
triggers a heap buffer overflow.
How to reproduce:
{{{
% ffmpeg_g -y -i tmp.flv -map 0 -c:v zmbv -c:s:3 ayuv -disposition:v:109 dpx -disposition:s pcm_mulaw -r 6 -ab 945 -ac 3 -level 37 tmp_.loas
ffmpeg version : N-94163-g664a27ea40
built with clang version 9.0.0
}}}
In the code, the variable 'norm_fac' is zero.
{{{
795     if (pe < 1.15f * desired_pe) {
796         /* 6.6.1.3.6 "Final threshold modification by linearization" */
797         norm_fac = 1.0f / norm_fac;
798         for (w = 0; w < wi->num_windows*16; w += 16) {
799             for (g = 0; g < num_bands; g++) {
800                 AacPsyBand *band = &pch->band[w+g];
801
802                 if (band->active_lines > 0.5f) {
803                     float delta_sfb_pe = band->norm_fac * norm_fac * delta_pe;
804                     float thr = band->thr;
805
806                     thr *= exp2f(delta_sfb_pe / band->active_lines);
807                     if (thr > coeffs[g].min_snr * band->energy && band->avoid_holes == PSY_3GPP_AH
808                         thr = FFMAX(band->thr, coeffs[g].min_snr * band->energy);
809                     band->thr = thr;
810                 }
811             }
812         }
}}}
--
Ticket URL: <https://trac.ffmpeg.org/ticket/7995>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker