diff options
| author | Michael Niedermayer <michaelni@gmx.at> | 2012-11-15 12:20:45 +0100 |
|---|---|---|
| committer | Michael Niedermayer <michaelni@gmx.at> | 2012-11-15 12:33:40 +0100 |
| commit | 17da2d9eee6bb3968522a2f1cdb54117260b6b7d (patch) | |
| tree | da799aff2f60a966e982abb9efdaa898e1190d57 /libswresample/resample_template.c | |
| parent | 0e482a8e49f34bd479b8436da9aee75455c9bcb7 (diff) | |
swr: reorder/redesign operations to avoid integer overflow.
This fixes a out of array read.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libswresample/resample_template.c')
| -rw-r--r-- | libswresample/resample_template.c | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/libswresample/resample_template.c b/libswresample/resample_template.c index ad840702ce..d519ec6b99 100644 --- a/libswresample/resample_template.c +++ b/libswresample/resample_template.c @@ -48,10 +48,16 @@ int RENAME(swri_resample)(ResampleContext *c, DELEM *dst, const DELEM *src, int index += dst_index * dst_incr; index += (frac + dst_index * (int64_t)dst_incr_frac) / c->src_incr; frac = (frac + dst_index * (int64_t)dst_incr_frac) % c->src_incr; + av_assert2(index >= 0); + *consumed= index >> c->phase_shift; + index &= c->phase_mask; }else if(compensation_distance == 0 && !c->linear && index >= 0){ + int sample_index = 0; for(dst_index=0; dst_index < dst_size; dst_index++){ - FELEM *filter= ((FELEM*)c->filter_bank) + c->filter_alloc*(index & c->phase_mask); - int sample_index= index >> c->phase_shift; + FELEM *filter; + sample_index += index >> c->phase_shift; + index &= c->phase_mask; + filter= ((FELEM*)c->filter_bank) + c->filter_alloc*index; if(sample_index + c->filter_length > src_size){ break; @@ -74,12 +80,17 @@ int RENAME(swri_resample)(ResampleContext *c, DELEM *dst, const DELEM *src, int index++; } } + *consumed = sample_index; }else{ + int sample_index = 0; for(dst_index=0; dst_index < dst_size; dst_index++){ - FELEM *filter= ((FELEM*)c->filter_bank) + c->filter_alloc*(index & c->phase_mask); - int sample_index= index >> c->phase_shift; + FELEM *filter; FELEM2 val=0; + sample_index += index >> c->phase_shift; + index &= c->phase_mask; + filter = ((FELEM*)c->filter_bank) + c->filter_alloc*index; + if(sample_index + c->filter_length > src_size || -sample_index >= src_size){ break; }else if(sample_index < 0){ @@ -113,9 +124,9 @@ int RENAME(swri_resample)(ResampleContext *c, DELEM *dst, const DELEM *src, int dst_incr= c->ideal_dst_incr / c->src_incr; } } + *consumed= FFMAX(sample_index, 0); + index += FFMIN(sample_index, 0) << c->phase_shift; } - *consumed= FFMAX(index, 0) >> c->phase_shift; - if(index>=0) index &= c->phase_mask; if(compensation_distance){ compensation_distance -= dst_index; |