[Mplayer-advusers] AAC audio buffer overflow/crash

Urpala Uoti urpala at ee.tut.fi
Mon Jan 26 03:52:01 CET 2004


MPlayer crashes when playing a Matroska file containing 6-channel
audio, codec ID A_AAC/MPEG4/LC/SBR. Line 218 in libmpcodecs/ad_faad.c,
      memcpy(buf+len,faac_sample_buffer, sh->samplesize*faac_finfo.samples);
writes beyond the end of the allocated buffer.

I believe the error is that line 45 in ad_faad.c,
  sh->audio_out_minsize=2048*FAAD_MAX_CHANNELS;
should specify a larger value. I assume that 2048 comes from 1024
samples of 16-bit audio. However, apparently libfaad can return twice
that many samples with SBR ("hInfo->samples *= 2;", line 1147 in
libfaad2/decoder.c). Making audio_out_minsize twice as large fixes the
problem for my test file.

ad_faad.c also seems to have support for output formats larger than
16-bit; maybe the buffer should be larger still to take those into
account? (I haven't studied the code enough to tell whether that's
needed.)
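
The sizing argument in the message above, as an added example (not MPlayer or libfaad code): the output buffer has to hold the worst-case decoded frame, and the copy should be bounds-checked instead of trusting the decoder's sample count. The names min_out_size and append_frame, the 1024-sample frame constant, and MAX_CHANNELS = 6 are assumptions of this example; sample_count is the total across all channels.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AAC_FRAME_SAMPLES 1024 /* per channel; the post reads 2048 as 1024 * 2 bytes */
#define SBR_FACTOR        2    /* the post: libfaad doubles the sample count with SBR */
#define MAX_CHANNELS      6    /* assumed value; the crashing file had 6 channels */

/* Worst-case size in bytes of one decoded frame. */
size_t min_out_size(size_t bytes_per_sample, int sbr_possible)
{
    size_t n = (size_t)AAC_FRAME_SAMPLES * MAX_CHANNELS * bytes_per_sample;
    return sbr_possible ? n * SBR_FACTOR : n;
}

/*
 * Bounded form of memcpy(buf+len, samples, sample_size*sample_count).
 * Returns the number of bytes copied, or -1 if the frame does not fit
 * in the space left after `len` bytes of a `cap`-byte buffer.
 */
long append_frame(uint8_t *buf, size_t cap, size_t len,
                  const void *samples, size_t sample_count, size_t sample_size)
{
    if (len > cap)
        return -1;
    /* Dividing instead of multiplying keeps the check itself overflow-free. */
    if (sample_size != 0 && sample_count > (cap - len) / sample_size)
        return -1;
    size_t n = sample_count * sample_size;
    memcpy(buf + len, samples, n);
    return (long)n;
}

int main(void)
{
    printf("16-bit, no SBR: %zu bytes\n", min_out_size(2, 0));
    printf("16-bit, SBR:    %zu bytes\n", min_out_size(2, 1));
    printf("32-bit, SBR:    %zu bytes\n", min_out_size(4, 1));
    return 0;
}
```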
