[FFmpeg-cvslog] avfilter/af_compand: fix invalid read

Andrew Kelley git at videolan.org
Tue Feb 25 20:00:40 CET 2014


ffmpeg | branch: master | Andrew Kelley <superjoe30 at gmail.com> | Tue Feb 25 04:37:26 2014 -0500| [9e329185d701f60412eb70c4ffbeb345bd459e82] | committer: Paul B Mahol

avfilter/af_compand: fix invalid read

Fixes #3383.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9e329185d701f60412eb70c4ffbeb345bd459e82
---

 libavfilter/af_compand.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/libavfilter/af_compand.c b/libavfilter/af_compand.c
index a2f2bb7..29332a4 100644
--- a/libavfilter/af_compand.c
+++ b/libavfilter/af_compand.c
@@ -46,6 +46,7 @@ typedef struct CompandContext {
     char *attacks, *decays, *points;
     CompandSegment *segments;
     ChanParam *channels;
+    int nb_segments;
     double in_min_lin;
     double out_min_lin;
     double curve_dB;
@@ -160,11 +161,11 @@ static double get_volume(CompandContext *s, double in_lin)
 
     in_log = log(in_lin);
 
-    for (i = 1;; i++)
-        if (in_log <= s->segments[i + 1].x)
+    for (i = 1; i < s->nb_segments; i++)
+        if (in_log <= s->segments[i].x)
             break;
 
-    cs = &s->segments[i];
+    cs = &s->segments[i - 1];
     in_log -= cs->x;
     out_log = cs->y + in_log * (cs->a * in_log + cs->b);
 
@@ -318,7 +319,8 @@ static int config_output(AVFilterLink *outlink)
     uninit(ctx);
 
     s->channels = av_mallocz_array(outlink->channels, sizeof(*s->channels));
-    s->segments = av_mallocz_array((nb_points + 4) * 2, sizeof(*s->segments));
+    s->nb_segments = (nb_points + 4) * 2;
+    s->segments = av_mallocz_array(s->nb_segments, sizeof(*s->segments));
 
     if (!s->channels || !s->segments)
         return AVERROR(ENOMEM);



More information about the ffmpeg-cvslog mailing list