diff options
author | Peter DeLong <petersdelong@gmail.com> | 2022-08-21 18:00:58 -0400 |
---|---|---|
committer | sfan5 <sfan5@live.de> | 2022-09-23 18:15:00 +0200 |
commit | f46bbde5e62243e284da2ff051e7f245ce2901a8 (patch) | |
tree | a57047d4dfd2bacac82723aa8e7c5952528dcff9 | |
parent | e6c5d58d1ed95c503ec7261a3d85de32315192cf (diff) | |
download | mpv-f46bbde5e62243e284da2ff051e7f245ce2901a8.tar.bz2 mpv-f46bbde5e62243e284da2ff051e7f245ce2901a8.tar.xz |
af_scaletempo2: fix crash when the number of channels increases
When af_scaletempo2.c:process() detects a format change, it goes back
through mp_scaletempo2_init() to reinitialize everything. However,
mp_scaletempo2.input_buffer is not necessarily reallocated due to a
check in af_scaletempo2_internals.c:resize_input_buffer(). This is a
problem if the number of audio channels increases, since without
reallocating, the buffer for the new channel(s) will at best point to
NULL, and at worst uninitialized memory.
Since resize_input_buffer() is only called from two places, pull size
check out into mp_scaletempo2_fill_input_buffer(). This allows each
caller to decide whether they want to resize or not. We could be
smarter about when to reallocate, but that would add a lot of machinery
for a case I don't expect to be hit often in practice.
-rw-r--r-- | audio/filter/af_scaletempo2_internals.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/audio/filter/af_scaletempo2_internals.c b/audio/filter/af_scaletempo2_internals.c index d7c0677c45..6cfa540e93 100644 --- a/audio/filter/af_scaletempo2_internals.c +++ b/audio/filter/af_scaletempo2_internals.c @@ -472,10 +472,8 @@ static int frames_needed(struct mp_scaletempo2 *p) static void resize_input_buffer(struct mp_scaletempo2 *p, int size) { - if (size > p->input_buffer_size) { - p->input_buffer_size = size; - p->input_buffer = realloc_2d(p->input_buffer, p->channels, size); - } + p->input_buffer_size = size; + p->input_buffer = realloc_2d(p->input_buffer, p->channels, size); } int mp_scaletempo2_fill_input_buffer(struct mp_scaletempo2 *p, @@ -487,7 +485,8 @@ int mp_scaletempo2_fill_input_buffer(struct mp_scaletempo2 *p, if (total_fill == 0) return 0; int required_size = total_fill + p->input_buffer_frames; - resize_input_buffer(p, required_size); + if (required_size > p->input_buffer_size) + resize_input_buffer(p, required_size); for (int i = 0; i < p->channels; ++i) { memcpy(p->input_buffer[i] + p->input_buffer_frames, |