mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
aacsbr: prevent out of bounds memcpy().
Fixes Libav Bug 195. This doesn't make the code handle sample rate or upsample/downsample change properly but this is still a good sanity check. Based on change by Michael Niedermayer. Signed-off-by: Alex Converse <alex.converse@gmail.com>
This commit is contained in:
Alex Converse
parent
4556ebfb7d
commit
17ce52912f
@ -1181,14 +1181,15 @@ static void sbr_qmf_synthesis(DSPContext *dsp, FFTContext *mdct,
|
|||||||
{
|
{
|
||||||
int i, n;
|
int i, n;
|
||||||
const float *sbr_qmf_window = div ? sbr_qmf_window_ds : sbr_qmf_window_us;
|
const float *sbr_qmf_window = div ? sbr_qmf_window_ds : sbr_qmf_window_us;
|
||||||
|
const int step = 128 >> div;
|
||||||
float *v;
|
float *v;
|
||||||
for (i = 0; i < 32; i++) {
|
for (i = 0; i < 32; i++) {
|
||||||
if (*v_off == 0) {
|
if (*v_off < step) {
|
||||||
int saved_samples = (1280 - 128) >> div;
|
int saved_samples = (1280 - 128) >> div;
|
||||||
memcpy(&v0[SBR_SYNTHESIS_BUF_SIZE - saved_samples], v0, saved_samples * sizeof(float));
|
memcpy(&v0[SBR_SYNTHESIS_BUF_SIZE - saved_samples], v0, saved_samples * sizeof(float));
|
||||||
*v_off = SBR_SYNTHESIS_BUF_SIZE - saved_samples - (128 >> div);
|
*v_off = SBR_SYNTHESIS_BUF_SIZE - saved_samples - step;
|
||||||
} else {
|
} else {
|
||||||
*v_off -= 128 >> div;
|
*v_off -= step;
|
||||||
}
|
}
|
||||||
v = v0 + *v_off;
|
v = v0 + *v_off;
|
||||||
if (div) {
|
if (div) {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user