avfilter/af_alimiter: Check nextpos before use

Fixes: out of array read
Fixes: tickets/10744/poc11ffmpeg

Found-by: Li Zeyuan and Zeng Yunxiang.
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
(cherry picked from commit a88b06f9ee)
Signed-off-by: Michael Niedermayer <michael@niedermayer.cc>
This commit is contained in:
Michael Niedermayer 2023-12-22 21:49:48 +01:00
parent 5715c8ed18
commit e6d1ed99ae
No known key found for this signature in database
GPG Key ID: B18E8928B3948D64
1 changed files with 4 additions and 3 deletions

View File

@ -176,10 +176,11 @@ static int filter_frame(AVFilterLink *inlink, AVFrame *in)
} else {
for (i = s->nextiter; i < s->nextiter + s->nextlen; i++) {
int j = i % buffer_size;
double ppeak, pdelta;
double ppeak = 0, pdelta;
ppeak = fabs(buffer[nextpos[j]]) > fabs(buffer[nextpos[j] + 1]) ?
fabs(buffer[nextpos[j]]) : fabs(buffer[nextpos[j] + 1]);
if (nextpos[j] >= 0)
ppeak = fabs(buffer[nextpos[j]]) > fabs(buffer[nextpos[j] + 1]) ?
fabs(buffer[nextpos[j]]) : fabs(buffer[nextpos[j] + 1]);
pdelta = (limit / peak - limit / ppeak) / (((buffer_size - nextpos[j] + s->pos) % buffer_size) / channels);
if (pdelta < nextdelta[j]) {
nextdelta[j] = pdelta;