[FFmpeg-devel] [PATCH] lavfi/perlin: Fix out of bounds stack buffer write
Marvin Scholz
epirat07 at gmail.com
Tue Jul 2 21:38:00 EEST 2024
An incorrect calculation in ff_perlin_init causes a write to the
stack array at index 256, which is out of bounds.
Fixes: CID1608711
---
libavfilter/perlin.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libavfilter/perlin.c b/libavfilter/perlin.c
index 09bae7ad33..ffad8c1e4e 100644
--- a/libavfilter/perlin.c
+++ b/libavfilter/perlin.c
@@ -129,7 +129,7 @@ int ff_perlin_init(FFPerlin *perlin, double period, int octaves, double persiste
for (i = 0; i < 256; i++) {
unsigned int random_idx = av_lfg_get(&lfg) % (256-i);
uint8_t random_val = random_permutations[random_idx];
- random_permutations[random_idx] = random_permutations[256-i];
+ random_permutations[random_idx] = random_permutations[255-i];
perlin->permutations[i] = perlin->permutations[i+256] = random_val;
}
base-commit: e783e45e29e78616debba7f6d1fe6e54dc336496
--
2.39.3 (Apple Git-146)
More information about the ffmpeg-devel
mailing list