virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2025-08-15 14:13:16 +02:00
Code Issues Releases Activity

Check for out of bound writes in the QDM2 decoder.

Browse Source 
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Laurent Aimar
2011-10-01 00:45:05 +02:00
committed by Michael Niedermayer
parent 491eaf35ae
commit 4a7876c6e4
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/qdm2.c
View File

@@ -1800,6 +1800,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
avctx->channels = s->nb_channels = s->channels = AV_RB32(extradata); avctx->channels = s->nb_channels = s->channels = AV_RB32(extradata);
extradata += 4; extradata += 4;
if (s->channels > MPA_MAX_CHANNELS)
return AVERROR_INVALIDDATA;
avctx->sample_rate = AV_RB32(extradata); avctx->sample_rate = AV_RB32(extradata);
extradata += 4; extradata += 4;
@@ -1821,6 +1823,8 @@ static av_cold int qdm2_decode_init(AVCodecContext *avctx)
// something like max decodable tones // something like max decodable tones
s->group_order = av_log2(s->group_size) + 1; s->group_order = av_log2(s->group_size) + 1;
s->frame_size = s->group_size / 16; // 16 iterations per super block s->frame_size = s->group_size / 16; // 16 iterations per super block
if (s->frame_size > FF_ARRAY_ELEMS(s->output_buffer) / 2)
return AVERROR_INVALIDDATA;
s->sub_sampling = s->fft_order - 7; s->sub_sampling = s->fft_order - 7;
s->frequency_range = 255 / (1 << (2 - s->sub_sampling)); s->frequency_range = 255 / (1 << (2 - s->sub_sampling));