virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

Revert "avcodec/adpcm_swf: support decoding multiple fixed-sized blocks at once"

Browse Source 
Is incorrect behaviour. Was covering for an encoder bug where it produced frames
of the wrong size.

This reverts commit e9dd73d30d.

Fixes: out of array write
Fixes: 26821/clusterfuzz-testcase-minimized-ffmpeg_AV_CODEC_ID_ADPCM_SWF_fuzzer-5764465137811456

Found-by: continuous fuzzing process https://github.com/google/oss-fuzz/tree/master/projects/ffmpeg

Signed-off-by: Zane van Iperen <zane@zanevaniperen.com>
This commit is contained in:
Zane van Iperen 2020-11-06 23:55:29 +10:00
parent 04b37b5d7f
commit 45d45c8ec5
No known key found for this signature in database
GPG Key ID: 68616B2D8AC4DCC5
1 changed files with 2 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
libavcodec/adpcm.c
View File

@ -880,7 +880,7 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb,
}
case AV_CODEC_ID_ADPCM_SWF:
{
int buf_bits = (avctx->block_align ? avctx->block_align : buf_size) * 8 - 2;
int buf_bits = buf_size * 8 - 2;
int nbits = (bytestream2_get_byte(gb) >> 6) + 2;
int block_hdr_size = 22 * ch;
int block_size = block_hdr_size + nbits * ch * 4095;
@ -889,9 +889,6 @@ static int get_nb_samples(AVCodecContext *avctx, GetByteContext *gb,
nb_samples = nblocks * 4096;
if (bits_left >= block_hdr_size)
nb_samples += 1 + (bits_left - block_hdr_size) / (nbits * ch);
if (avctx->block_align)
nb_samples *= buf_size / avctx->block_align;
break;
}
case AV_CODEC_ID_ADPCM_THP:
@ -1770,17 +1767,9 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
}
break;
case AV_CODEC_ID_ADPCM_SWF:
{
const int nb_blocks = avctx->block_align ? avpkt->size / avctx->block_align : 1;
const int block_size = avctx->block_align ? avctx->block_align : avpkt->size;
for (int block = 0; block < nb_blocks; block++) {
adpcm_swf_decode(avctx, buf + block * block_size, block_size, samples);
samples += nb_samples / nb_blocks;
}
adpcm_swf_decode(avctx, buf, buf_size, samples);
bytestream2_seek(&gb, 0, SEEK_END);
break;
}
case AV_CODEC_ID_ADPCM_YAMAHA:
for (n = nb_samples >> (1 - st); n > 0; n--) {
int v = bytestream2_get_byteu(&gb);