virtualenv/FFmpeg
1
0
Fork 0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00
Code Issues Releases Activity

avcodec/aacdec: Fix pulse position checks in decode_pulses()

Browse Source 
Fixes out of array read
Fixes: asan_static-oob_1efed25_1887_cov_2013541199_HeyYa_RA10_AAC_192K_30s.rm
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2014-02-03 05:04:42 +01:00
parent 4d7d9a5782
commit 6e42ccb9db
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libavcodec/aacdec.c
View File

@ -1426,12 +1426,12 @@ static int decode_pulses(Pulse *pulse, GetBitContext *gb,
return -1; return -1;
pulse->pos[0] = swb_offset[pulse_swb]; pulse->pos[0] = swb_offset[pulse_swb];
pulse->pos[0] += get_bits(gb, 5); pulse->pos[0] += get_bits(gb, 5);
if (pulse->pos[0] > 1023) if (pulse->pos[0] >= swb_offset[num_swb])
return -1; return -1;
pulse->amp[0] = get_bits(gb, 4); pulse->amp[0] = get_bits(gb, 4);
for (i = 1; i < pulse->num_pulse; i++) { for (i = 1; i < pulse->num_pulse; i++) {
pulse->pos[i] = get_bits(gb, 5) + pulse->pos[i - 1]; pulse->pos[i] = get_bits(gb, 5) + pulse->pos[i - 1];
if (pulse->pos[i] > 1023) if (pulse->pos[i] >= swb_offset[num_swb])
return -1; return -1;
pulse->amp[i] = get_bits(gb, 4); pulse->amp[i] = get_bits(gb, 4);
} }