avfilter/af_headphone: Fix segfault when using very short streams

When the headphone filter does its processing in the time domain,
the lengths of the buffers involved are determined by three parameters,
only two of which are relevant here: ir_len and air_len. The former is
the length (in samples) of the longest HRIR input stream and the latter
is the smallest power-of-two bigger than ir_len.

Using optimized functions to calculate the convolution places
restrictions on the alignment of the length of the vectors whose scalar
product is calculated. Therefore said length, namely ir_len, is aligned
on 32; but the number of elements of the buffers used is given by air_len
and for ir_len < 16 a buffer overflow happens.

This commit fixes this by ensuring that air_len is always >= 32 if
processing happens in the time domain.

Reviewed-by: Paul B Mahol <onemda@gmail.com>
Signed-off-by: Andreas Rheinhardt <andreas.rheinhardt@gmail.com>

diff --git a/libavfilter/af_headphone.c b/libavfilter/af_headphone.c
index f488e0e28db9dd7f9956dddeb2cecb3c638b9ede..54b5dfec4c8dca121bbd6b94928773733cae9745 100644 (file)
--- a/libavfilter/af_headphone.c
+++ b/libavfilter/af_headphone.c
@@ -405,6 +405,9 @@ static int convert_coeffs(AVFilterContext *ctx, AVFilterLink *inlink)
     int i, j, k;
 
     s->air_len = 1 << (32 - ff_clz(ir_len));
+    if (s->type == TIME_DOMAIN) {
+        s->air_len = FFALIGN(s->air_len, 32);
+    }
     s->buffer_length = 1 << (32 - ff_clz(s->air_len));
     s->n_fft = n_fft = 1 << (32 - ff_clz(ir_len + s->size));