#7995 closed defect (duplicate)
Division by zero at libavcodec/aacpsy.c:797:29
Reported by: | Suhwan | Owned by: | |
---|---|---|---|
Priority: | normal | Component: | undetermined |
Version: | git-master | Keywords: | ubsan asan |
Cc: | Michael Niedermayer | Blocked By: | |
Blocking: | Reproduced by developer: | no | |
Analyzed by developer: | no |
Description
Summary of the bug:
There's division by zero at libavcodec/aacpsy.c:797:29 and also this triggers heap buffer overflow
How to reproduce:
% ffmpeg_g -y -i tmp.flv -map 0 -c:v zmbv -c:s:3 ayuv -disposition:v:109 dpx -disposition:s pcm_mulaw -r 6 -ab 945 -ac 3 -level 37 tmp_.loas ffmpeg version : N-94163-g664a27ea40 built with clang version 9.0.0
In the code, varible 'norm_fac' is zero.
795 if (pe < 1.15f * desired_pe) { 796 /* 6.6.1.3.6 "Final threshold modification by linearization" */ 797 norm_fac = 1.0f / norm_fac; 798 for (w = 0; w < wi->num_windows*16; w += 16) { 799 for (g = 0; g < num_bands; g++) { 800 AacPsyBand *band = &pch->band[w+g]; 801 802 if (band->active_lines > 0.5f) { 803 float delta_sfb_pe = band->norm_fac * norm_fac * delta_pe; 804 float thr = band->thr; 805 806 thr *= exp2f(delta_sfb_pe / band->active_lines); 807 if (thr > coeffs[g].min_snr * band->energy && band->avoid_holes == PSY_3GPP_AH 808 thr = FFMAX(band->thr, coeffs[g].min_snr * band->energy); 809 band->thr = thr; 810 } 811 } 812 }
Attachments (2)
Change History (5)
by , 5 years ago
Attachment: | gdb_log_7995 added |
---|
by , 5 years ago
comment:2 by , 4 years ago
Cc: | added |
---|---|
Resolution: | → duplicate |
Status: | new → closed |
The out of array access is a duplicate of #7980
There is no integer division by 0. Floating point divisions by 0 is not a bug as such.
comment:3 by , 4 years ago
I will post a patch to ffmpeg-devel to avoid the floating point division.
Note:
See TracTickets
for help on using tickets.