
check values more thoroughly in vorbis_header()

Originally committed as revision 10707 to svn://svn.ffmpeg.org/ffmpeg/trunk
Måns Rullgård 2007-10-10 22:59:36 +00:00
parent 739587bf04
commit 736e63edc8


@ -183,15 +183,32 @@ vorbis_header (AVFormatContext * s, int idx)
priv->packet[os->seq] = av_mallocz(os->psize); priv->packet[os->seq] = av_mallocz(os->psize);
memcpy(priv->packet[os->seq], os->buf + os->pstart, os->psize); memcpy(priv->packet[os->seq], os->buf + os->pstart, os->psize);
if (os->buf[os->pstart] == 1) { if (os->buf[os->pstart] == 1) {
uint8_t *p = os->buf + os->pstart + 11; //skip up to the audio channels uint8_t *p = os->buf + os->pstart + 7; /* skip "\001vorbis" tag */
unsigned blocksize, bs0, bs1;
if (os->psize != 30) if (os->psize != 30)
return -1; return -1;
if (bytestream_get_le32(&p) != 0) /* vorbis_version */
return -1;
st->codec->channels = bytestream_get_byte(&p); st->codec->channels = bytestream_get_byte(&p);
st->codec->sample_rate = bytestream_get_le32(&p); st->codec->sample_rate = bytestream_get_le32(&p);
p += 4; // skip maximum bitrate p += 4; // skip maximum bitrate
st->codec->bit_rate = bytestream_get_le32(&p); // nominal bitrate st->codec->bit_rate = bytestream_get_le32(&p); // nominal bitrate
p += 4; // skip minimum bitrate
blocksize = bytestream_get_byte(&p);
bs0 = blocksize & 15;
bs1 = blocksize >> 4;
if (bs0 > bs1)
return -1;
if (bs0 < 6 || bs1 > 13)
return -1;
if (bytestream_get_byte(&p) != 1) /* framing_flag */
return -1;
st->codec->codec_type = CODEC_TYPE_AUDIO; st->codec->codec_type = CODEC_TYPE_AUDIO;
st->codec->codec_id = CODEC_ID_VORBIS; st->codec->codec_id = CODEC_ID_VORBIS;