diff options
| author | Miguel Freitas <miguelfreitas@users.sourceforge.net> | 2007-01-28 18:38:32 +0000 |
|---|---|---|
| committer | Miguel Freitas <miguelfreitas@users.sourceforge.net> | 2007-01-28 18:38:32 +0000 |
| commit | 7c3728d769962d288b73cc945c3143ae68726984 (patch) | |
| tree | 36f762f4ce762a77ed0333711f628c40ba1a0f98 /src/libffmpeg/libavcodec/flac.c | |
| parent | 9add5e858c10b369eb44fe7ab618efb37eb3c585 (diff) | |
| download | xine-lib-7c3728d769962d288b73cc945c3143ae68726984.tar.gz xine-lib-7c3728d769962d288b73cc945c3143ae68726984.tar.bz2 | |
another ffmpeg sync to include h264 security fixes
CVS patchset: 8573
CVS date: 2007/01/28 18:38:32
Diffstat (limited to 'src/libffmpeg/libavcodec/flac.c')
| -rw-r--r-- | src/libffmpeg/libavcodec/flac.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libffmpeg/libavcodec/flac.c b/src/libffmpeg/libavcodec/flac.c index 6c64ad0a1..1016ed47f 100644 --- a/src/libffmpeg/libavcodec/flac.c +++ b/src/libffmpeg/libavcodec/flac.c @@ -225,6 +225,10 @@ static int decode_residuals(FLACContext *s, int channel, int pred_order) rice_order = get_bits(&s->gb, 4); samples= s->blocksize >> rice_order; + if (pred_order > samples) { + av_log(s->avctx, AV_LOG_ERROR, "invalid predictor order: %i > %i\n", pred_order, samples); + return -1; + } sample= i= pred_order; @@ -454,7 +458,7 @@ static inline int decode_subframe(FLACContext *s, int channel) return 0; } -static int decode_frame(FLACContext *s) +static int decode_frame(FLACContext *s, int alloc_data_size) { int blocksize_code, sample_rate_code, sample_size_code, assignment, i, crc8; int decorrelation, bps, blocksize, samplerate; @@ -516,6 +520,9 @@ static int decode_frame(FLACContext *s) return -1; } + if(blocksize * s->channels * sizeof(int16_t) > alloc_data_size) + return -1; + if (sample_rate_code == 0){ samplerate= s->samplerate; }else if ((sample_rate_code > 3) && (sample_rate_code < 12)) @@ -579,6 +586,9 @@ static int flac_decode_frame(AVCodecContext *avctx, FLACContext *s = avctx->priv_data; int tmp = 0, i, j = 0, input_buf_size = 0; int16_t *samples = data; + int alloc_data_size= *data_size; + + *data_size=0; if(s->max_framesize == 0){ s->max_framesize= 65536; // should hopefully be enough for the first header @@ -617,7 +627,7 @@ static int flac_decode_frame(AVCodecContext *avctx, goto end; // we may not have enough bits left to decode a frame, so try next time } skip_bits(&s->gb, 16); - if (decode_frame(s) < 0){ + if (decode_frame(s, alloc_data_size) < 0){ av_log(s->avctx, AV_LOG_ERROR, "decode_frame() failed\n"); s->bitstream_size=0; s->bitstream_index=0; |