[FFmpeg-cvslog] avfilter/af_tremolo: fix heap-buffer overflow

Paul B Mahol git at videolan.org
Tue Sep 14 00:16:33 EEST 2021


ffmpeg | branch: release/4.1 | Paul B Mahol <onemda at gmail.com> | Sat Oct 19 19:34:47 2019 +0200| [3a9f384225cb6e5720d36d0b01dd446cfd6f1772] | committer: James Almer

avfilter/af_tremolo: fix heap-buffer overflow

Fixes #8317

(cherry picked from commit 58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144)
Signed-off-by: James Almer <jamrial at gmail.com>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=3a9f384225cb6e5720d36d0b01dd446cfd6f1772
---

 libavfilter/af_tremolo.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/libavfilter/af_tremolo.c b/libavfilter/af_tremolo.c
index 8cbc79892d..f55e8e2b09 100644
--- a/libavfilter/af_tremolo.c
+++ b/libavfilter/af_tremolo.c
@@ -28,6 +28,7 @@ typedef struct TremoloContext {
     double freq;
     double depth;
     double *table;
+    int table_size;
     int index;
 } TremoloContext;
 
@@ -72,7 +73,7 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
         dst += channels;
         src += channels;
         s->index++;
-        if (s->index >= inlink->sample_rate / s->freq)
+        if (s->index >= s->table_size)
             s->index = 0;
     }
 
@@ -125,11 +126,12 @@ static int config_input(AVFilterLink *inlink)
     const double offset = 1. - s->depth / 2.;
     int i;
 
-    s->table = av_malloc_array(inlink->sample_rate / s->freq, sizeof(*s->table));
+    s->table_size = inlink->sample_rate / s->freq;
+    s->table = av_malloc_array(s->table_size, sizeof(*s->table));
     if (!s->table)
         return AVERROR(ENOMEM);
 
-    for (i = 0; i < inlink->sample_rate / s->freq; i++) {
+    for (i = 0; i < s->table_size; i++) {
         double env = s->freq * i / inlink->sample_rate;
         env = sin(2 * M_PI * fmod(env + 0.25, 1.0));
         s->table[i] = env * (1 - fabs(offset)) + offset;
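Review bot: In config_input, `s->table_size = inlink->sample_rate / s->freq;` truncates a double quotient to int with no lower bound, so any frequency above the sample rate gives a table_size of 0; whether the option limits on freq rule that out is not visible in this patch. In that case the allocation holds no usable entries, and the loop in filter_frame (which presumably reads `s->table[s->index]` before the wrap check in the second hunk runs) would still access memory past the table. I would reject or clamp the size right after the assignment, e.g. `if (s->table_size < 1) return AVERROR(EINVAL);`, and add a comment on the struct field stating that `index` must always stay below `table_size`. config_input's body starts and ends outside the hunk, so an existing guard elsewhere in the function cannot be excluded.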


