virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-01-13 21:28:01 +02:00
Code Issues Releases Activity

wmalosslessdec: increase channel_coeffs/residues size

Browse Source 
Fixes CVE-2012-2792

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This commit is contained in:
Anton Khirnov 2012-09-29 08:40:42 +02:00
parent 4a969030e4
commit 065b3a1cfa
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/wmalosslessdec.c
View File

@ -23,6 +23,8 @@
*/ */
#include "libavutil/attributes.h" #include "libavutil/attributes.h"
#include "libavutil/avassert.h"
#include "avcodec.h" #include "avcodec.h"
#include "internal.h" #include "internal.h"
#include "get_bits.h" #include "get_bits.h"
@ -158,14 +160,14 @@ typedef struct WmallDecodeCtx {
int ave_sum[2]; int ave_sum[2];
int channel_residues[2][2048]; int channel_residues[2][WMALL_BLOCK_MAX_SIZE];
int lpc_coefs[2][40]; int lpc_coefs[2][40];
int lpc_order; int lpc_order;
int lpc_scaling; int lpc_scaling;
int lpc_intbits; int lpc_intbits;
int channel_coeffs[2][2048]; int channel_coeffs[2][WMALL_BLOCK_MAX_SIZE];
} WmallDecodeCtx; } WmallDecodeCtx;
@ -215,6 +217,7 @@ static av_cold int decode_init(AVCodecContext *avctx)
/* get frame len */ /* get frame len */
s->samples_per_frame = 1 << ff_wma_get_frame_len_bits(avctx->sample_rate, s->samples_per_frame = 1 << ff_wma_get_frame_len_bits(avctx->sample_rate,
3, s->decode_flags); 3, s->decode_flags);
av_assert0(s->samples_per_frame <= WMALL_BLOCK_MAX_SIZE);
/* init previous block len */ /* init previous block len */
for (i = 0; i < avctx->channels; i++) for (i = 0; i < avctx->channels; i++)