[FFmpeg-devel] [PATCH 6/6] avfilter/af_surround: Check av_channel_layout_channel_from_index() stays within the fixed array used
Andreas Rheinhardt
andreas.rheinhardt at outlook.com
Sun Jul 7 22:12:06 EEST 2024
Andreas Rheinhardt:
> Michael Niedermayer:
>> Fixes: CID1516994 Out-of-bounds access
>> Fixes: CID1516996 Out-of-bounds access
>> Fixes: CID1516999 Out-of-bounds access
>>
>> Sponsored-by: Sovereign Tech Fund
>> Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
>> ---
>> libavfilter/af_surround.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/libavfilter/af_surround.c b/libavfilter/af_surround.c
>> index e37dddc3614..fab39a37ea9 100644
>> --- a/libavfilter/af_surround.c
>> +++ b/libavfilter/af_surround.c
>> @@ -269,6 +269,9 @@ static int config_output(AVFilterLink *outlink)
>>
>> for (int ch = 0; ch < outlink->ch_layout.nb_channels; ch++) {
>> float iscale = 1.f;
>> + const int chan = av_channel_layout_channel_from_index(&s->out_ch_layout, ch);
>> + if (chan >= FF_ARRAY_ELEMS(sc_map))
>> + return AVERROR_PATCHWELCOME;
>>
>> ret = av_tx_init(&s->irdft[ch], &s->itx_fn, AV_TX_FLOAT_RDFT,
>> 1, s->win_size, &iscale, 0);
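Review bot: The new test "if (chan >= FF_ARRAY_ELEMS(sc_map))" has no explicit lower bound. chan is declared const int, and av_channel_layout_channel_from_index() returns a negative value (AV_CHAN_NONE) when the index maps to no channel. The comparison rejects that case only because the int is converted to the unsigned type of the sizeof-based FF_ARRAY_ELEMS. Suggest writing it as "if (chan < 0 || chan >= FF_ARRAY_ELEMS(sc_map))" so the intent does not depend on the implicit conversion. Separately, nothing in the visible lines indexes sc_map with chan, so the check guards accesses made elsewhere. A short comment naming those accesses, or placing the check beside them, would make the relationship reviewable. The commit message should also say whether a layout can actually reach this path, which decides whether AVERROR_PATCHWELCOME or an internal-error return is the right code.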
>
> Can this happen?
>
Apart from that: I think you are mistaken when you believe that this
will "fix" the issue. Coverity will not think that these issues are
fixed even with this check.
- Andreas