| commit | 95e81df132e3dbc555974d125e56ae701a0f6968 | |
| author | wm4 <wm4@nowhere> | |
| Sun, 26 Aug 2012 19:40:54 +0000 (26 21:40 +0200) | ||
| committer | Uoti Urpala <uau@mplayer2.org> | |
| Mon, 27 Aug 2012 21:18:09 +0000 (28 00:18 +0300) | ||
| tree | 1fdb4a3d80229ba11aa9f6c99577929493e7d8c5 | treesnapshot (tar.gz zip) |
| parent | 8fdc298fdc1fc2d52a4b7f08629404f9d6c8b94d | commitdiff |
af_scaletempo: fix crash after channel reconfiguration
af_scaletempo could crash if the audio format was changed with
AF_CONTROL_REINIT while the filter was active. In a test case this
happened when audio channels were reconfigured from 6 channels to 2
and playback speed was set to 2. The problem is that reinitialization
does not properly reset filter state. Thus the amount of buffered
audio can be larger than the new maximum buffer size, i.e. the
invariant bytes_queued <= bytes_queue is violated. As a result, memcpy
is called with a negative size.
Fix this by resetting the buffer length when reconfiguring (set the
bytes_queued variable to 0). Also reset some other state for clarity
and robustness, although these changes aren't strictly needed for
avoiding the actual crash.
This may also get rid of some noise played after reinitialization,
caused by using the old buffer contents which were now in the wrong
audio format.
af_scaletempo could crash if the audio format was changed with
AF_CONTROL_REINIT while the filter was active. In a test case this
happened when audio channels were reconfigured from 6 channels to 2
and playback speed was set to 2. The problem is that reinitialization
does not properly reset filter state. Thus the amount of buffered
audio can be larger than the new maximum buffer size, i.e. the
invariant bytes_queued <= bytes_queue is violated. As a result, memcpy
is called with a negative size.
Fix this by resetting the buffer length when reconfiguring (set the
bytes_queued variable to 0). Also reset some other state for clarity
and robustness, although these changes aren't strictly needed for
avoiding the actual crash.
This may also get rid of some noise played after reinitialization,
caused by using the old buffer contents which were now in the wrong
audio format.
| libaf/af_scaletempo.c | diffblobblamehistory |