generic-library/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Check for out of bound writes in the QDM2 decoder.

Browse Source 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 4a7876c6e4)
This commit is contained in:
Laurent Aimar
2011-10-01 00:45:05 +02:00
committed by Michael Niedermayer
parent e0fb22cea9
commit b08df314dc
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/qdm2.c
View File

@@ -1799,6 +1799,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
avctx->channels = s->nb_channels = s->channels = AV_RB32(extradata); avctx->channels = s->nb_channels = s->channels = AV_RB32(extradata);
extradata += 4; extradata += 4;
if (s->channels > MPA_MAX_CHANNELS)
return AVERROR_INVALIDDATA;
avctx->sample_rate = AV_RB32(extradata); avctx->sample_rate = AV_RB32(extradata);
extradata += 4; extradata += 4;
@@ -1820,6 +1822,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
// something like max decodable tones // something like max decodable tones
s->group_order = av_log2(s->group_size) + 1; s->group_order = av_log2(s->group_size) + 1;
s->frame_size = s->group_size / 16; // 16 iterations per super block s->frame_size = s->group_size / 16; // 16 iterations per super block
if (s->frame_size > FF_ARRAY_ELEMS(s->output_buffer) / 2)
return AVERROR_INVALIDDATA;
s->sub_sampling = s->fft_order - 7; s->sub_sampling = s->fft_order - 7;
s->frequency_range = 255 / (1 << (2 - s->sub_sampling)); s->frequency_range = 255 / (1 << (2 - s->sub_sampling));