On 3/28/2018 3:59 PM, Paul B Mahol wrote: > Signed-off-by: Paul B Mahol <one...@gmail.com> > --- > libavcodec/aac_ac3_parser.c | 9 ++- > libavcodec/ac3_parser.c | 2 +- > libavcodec/ac3dec.c | 177 > +++++++++++++++++++++++++++++++++++--------- > libavcodec/ac3dec.h | 10 ++- > libavcodec/eac3dec.c | 11 +-- > tests/ref/fate/ts-demux | 2 +- > tests/ref/seek/lavf-rm | 6 +- > 7 files changed, 164 insertions(+), 53 deletions(-) >
> @@ -1463,14 +1483,17 @@ static int ac3_decode_frame(AVCodecContext * avctx, > void *data, > { > AVFrame *frame = data; > const uint8_t *buf = avpkt->data; > - int buf_size = avpkt->size; > + int buf_size, full_buf_size = avpkt->size; > AC3DecodeContext *s = avctx->priv_data; > - int blk, ch, err, ret; > + int blk, ch, err, offset, ret; > + int got_independent_frame = 0; > const uint8_t *channel_map; > + uint8_t extended_channel_map[AC3_MAX_CHANNELS * 2]; AC3_MAX_CHANNELS is 7 [...] > + for (ch = 0; ch < 16; ch++) > + extended_channel_map[ch] = ch; Which means an out of array access takes place here. This is making all ac3 and eac3 tests crash with SIGABRT on Linux GCC when -fstack-protector is enabled (which is on by default). http://fate.ffmpeg.org/report.cgi?time=20180329202433&slot=x86_64-archlinux-gcc-threads-auto [...] 
> @@ -239,11 +242,12 @@ typedef struct AC3DecodeContext { > ///@name Aligned arrays > DECLARE_ALIGNED(16, int, > fixed_coeffs)[AC3_MAX_CHANNELS][AC3_MAX_COEFS]; ///< fixed-point > transform coefficients > DECLARE_ALIGNED(32, INTFLOAT, > transform_coeffs)[AC3_MAX_CHANNELS][AC3_MAX_COEFS]; ///< transform > coefficients > - DECLARE_ALIGNED(32, INTFLOAT, delay)[AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; > ///< delay - added to the next block > + DECLARE_ALIGNED(32, INTFLOAT, delay)[2 * > AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< delay - added to the next > block > DECLARE_ALIGNED(32, INTFLOAT, window)[AC3_BLOCK_SIZE]; > ///< window coefficients > DECLARE_ALIGNED(32, INTFLOAT, tmp_output)[AC3_BLOCK_SIZE]; > ///< temporary storage for output before windowing > - DECLARE_ALIGNED(32, SHORTFLOAT, > output)[AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< output after imdct > transform and windowing > + DECLARE_ALIGNED(32, SHORTFLOAT, output)[2 * > AC3_MAX_CHANNELS][AC3_BLOCK_SIZE]; ///< output after imdct > transform and windowing > DECLARE_ALIGNED(32, uint8_t, input_buffer)[AC3_FRAME_BUFFER_SIZE + > AV_INPUT_BUFFER_PADDING_SIZE]; ///< temp buffer to prevent overread > + DECLARE_ALIGNED(32, SHORTFLOAT, output_buffer)[2 * > AC3_MAX_CHANNELS][AC3_BLOCK_SIZE * 6]; ///< final output buffer Not sure if the same happens with these, but better make sure.
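Review bot: in the ac3_decode_frame hunk, the initialisation loop `for (ch = 0; ch < 16; ch++) extended_channel_map[ch] = ch;` writes past the end of `uint8_t extended_channel_map[AC3_MAX_CHANNELS * 2]`, which holds only 14 entries when AC3_MAX_CHANNELS is 7, so the last two iterations clobber whatever sits above the array on the stack; that is exactly what the stack-protector abort in the linked FATE report is catching, and on a build without -fstack-protector it would be a silent stack corruption instead of a crash. Bound the loop by the array itself, e.g. `for (ch = 0; ch < FF_ARRAY_ELEMS(extended_channel_map); ch++)`, or size the array from the same constant the loop uses, so the two cannot drift apart again. Separately, the changed declaration `int buf_size, full_buf_size = avpkt->size;` leaves `buf_size` uninitialised where it was previously initialised from `avpkt->size`; the assignment is not in the visible context, so please confirm every path assigns it before first use.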
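Review bot: in the AC3DecodeContext hunk, `delay`, `output` and the new `output_buffer` are grown to `2 * AC3_MAX_CHANNELS` rows, which matches the 14-entry `extended_channel_map` but not the 16 channel indices the decode loop iterates over, so any code that walks channels with the same hard-coded 16 would overrun these arrays in the same way; a single named constant for the dependent-substream channel count, used for both the arrays here and the loops in ac3_decode_frame, would remove the mismatch. Note also that `fixed_coeffs` and `transform_coeffs` keep their `AC3_MAX_CHANNELS` first dimension while the per-channel output arrays doubled; if any of the new dependent-frame code indexes those two by the extended channel index, they need the same growth, otherwise a comment stating why they do not would help the next reader. Finally, the `output_buffer` field is a large addition to a context that is allocated per decoder instance; worth a line in the commit message on why it lives in the context rather than in the frame it is written to.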