[FFmpeg-devel] [PATCH 1/2] avcodec/eac3: add support for dependent stream
James Almer
jamrial at gmail.com
Fri Mar 30 05:58:15 EEST 2018
On 3/28/2018 3:59 PM, Paul B Mahol wrote:
> Signed-off-by: Paul B Mahol <onemda at gmail.com>
> ---
> libavcodec/aac_ac3_parser.c | 9 ++-
> libavcodec/ac3_parser.c | 2 +-
> libavcodec/ac3dec.c | 177 +++++++++++++++++++++++++++++++++++---------
> libavcodec/ac3dec.h | 10 ++-
> libavcodec/eac3dec.c | 11 +--
> tests/ref/fate/ts-demux | 2 +-
> tests/ref/seek/lavf-rm | 6 +-
> 7 files changed, 164 insertions(+), 53 deletions(-)
>
> @@ -1463,14 +1483,17 @@ static int ac3_decode_frame(AVCodecContext * avctx, void *data,
> {
> AVFrame *frame = data;
> const uint8_t *buf = avpkt->data;
> - int buf_size = avpkt->size;
> + int buf_size, full_buf_size = avpkt->size;
> AC3DecodeContext *s = avctx->priv_data;
> - int blk, ch, err, ret;
> + int blk, ch, err, offset, ret;
> + int got_independent_frame = 0;
> const uint8_t *channel_map;
> + uint8_t extended_channel_map[AC3_MAX_CHANNELS * 2];
AC3_MAX_CHANNELS is 7
[...]
> + for (ch = 0; ch < 16; ch++)
> + extended_channel_map[ch] = ch;
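Review bot: the loop bound in `for (ch = 0; ch < 16; ch++)` does not match the declaration `uint8_t extended_channel_map[AC3_MAX_CHANNELS * 2]` earlier in this hunk. With AC3_MAX_CHANNELS at 7, as the reply points out, the array has 14 elements, so the last two iterations write past the end of a stack buffer. Derive the bound from the array itself, e.g. `ch < FF_ARRAY_ELEMS(extended_channel_map)`, or size the array explicitly to the 16 entries the loop expects, so the two cannot drift apart. Separately, `int buf_size, full_buf_size = avpkt->size;` initializes only full_buf_size. The visible lines do not show where buf_size is first assigned, so it is worth confirming that no path reads it before then.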
Which means an out of array access takes place here.
This is making all ac3 and eac3 tests crash with SIGABRT on Linux GCC
when -fstack-protector is enabled (which is on by default).
http://fate.ffmpeg.org/report.cgi?time=20180329202433&slot=x86_64-archlinux-gcc-threads-auto
[...]
> @@ -239,11 +242,12 @@ typedef struct AC3DecodeContext {
> ///@name Aligned arrays
> DECLARE_ALIGNED(16, int, fixed_coeffs)[AC3_MAX_CHANNELS][AC3_MAX_COEFS]; ///< fixed-point transform coefficients
> DECLARE_ALIGNED(32, INTFLOAT, transform_coeffs)[AC3_MAX_CHANNELS][AC3_MAX_COEFS]; ///< transform coefficients
> - DECLARE_ALIGNED(32, INTFLOAT, delay)[AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< delay - added to the next block
> + DECLARE_ALIGNED(32, INTFLOAT, delay)[2 * AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< delay - added to the next block
> DECLARE_ALIGNED(32, INTFLOAT, window)[AC3_BLOCK_SIZE]; ///< window coefficients
> DECLARE_ALIGNED(32, INTFLOAT, tmp_output)[AC3_BLOCK_SIZE]; ///< temporary storage for output before windowing
> - DECLARE_ALIGNED(32, SHORTFLOAT, output)[AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< output after imdct transform and windowing
> + DECLARE_ALIGNED(32, SHORTFLOAT, output)[2 * AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< output after imdct transform and windowing
> DECLARE_ALIGNED(32, uint8_t, input_buffer)[AC3_FRAME_BUFFER_SIZE + AV_INPUT_BUFFER_PADDING_SIZE]; ///< temp buffer to prevent overread
> + DECLARE_ALIGNED(32, SHORTFLOAT, output_buffer)[2 * AC3_MAX_CHANNELS][AC3_BLOCK_SIZE * 6]; ///< final output buffer
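Review bot: the doubled first dimension is written three different ways across the patch: `2 * AC3_MAX_CHANNELS` for delay, output and output_buffer here, `AC3_MAX_CHANNELS * 2` for extended_channel_map in ac3_decode_frame, and a literal 16 in the loop that fills that map. A single named constant (hypothetical name, e.g. AC3_MAX_CHANNELS_EXT) used for every array size and loop bound would keep them in agreement. Note also that fixed_coeffs and transform_coeffs keep AC3_MAX_CHANNELS as their first dimension, so a channel index that can reach the dependent-stream range must never be used with them. The visible lines do not show those index sites, so this should be checked or documented next to the declarations.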
Not sure if the same happens with these, but better make sure.