virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

flac: fix infinite loops on all-zero input or end-of-stream.

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This commit is contained in:
Ronald S. Bultje 2012-02-15 09:52:11 -08:00
parent b4027d9749
commit 52e4018be4
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
libavcodec/flacdec.c
View File

@ -422,7 +422,16 @@ static inline int decode_subframe(FLACContext *s, int channel)
type = get_bits(&s->gb, 6); type = get_bits(&s->gb, 6);
if (get_bits1(&s->gb)) { if (get_bits1(&s->gb)) {
int left = get_bits_left(&s->gb);
wasted = 1; wasted = 1;
if ( left < 0 ||
(left < s->curr_bps && !show_bits_long(&s->gb, left)) ||
!show_bits_long(&s->gb, s->curr_bps)) {
av_log(s->avctx, AV_LOG_ERROR,
"Invalid number of wasted bits > available bits (%d) - left=%d\n",
s->curr_bps, left);
return AVERROR_INVALIDDATA;
}
while (!get_bits1(&s->gb)) while (!get_bits1(&s->gb))
wasted++; wasted++;
s->curr_bps -= wasted; s->curr_bps -= wasted;

2
libavcodec/golomb.h
View File

@ -301,7 +301,7 @@ static inline int get_ur_golomb_jpegls(GetBitContext *gb, int k, int limit, int
return buf; return buf;
}else{ }else{
int i; int i;
for(i=0; SHOW_UBITS(re, gb, 1) == 0; i++){ for (i = 0; i < limit && SHOW_UBITS(re, gb, 1) == 0; i++) {
LAST_SKIP_BITS(re, gb, 1); LAST_SKIP_BITS(re, gb, 1);
UPDATE_CACHE(re, gb); UPDATE_CACHE(re, gb);
} }