diff --git a/libavcodec/dca_parser.c b/libavcodec/dca_parser.c
index 4a3d8125bf..e233f50cfb 100644
--- a/libavcodec/dca_parser.c
+++ b/libavcodec/dca_parser.c
@@ -60,10 +60,12 @@ static int dca_find_frame_end(DCAParseContext * pc1, const uint8_t * buf,
 if (IS_MARKER(state, i, buf, buf_size)) {
 if (pc1->lastmarker && state == pc1->lastmarker) {
 start_found = 1;
+ i++;
 break;
 } else if (!pc1->lastmarker) {
 start_found = 1;
 pc1->lastmarker = state;
+ i++;
 break;
 }
 }
@@ -78,9 +80,6 @@ static int dca_find_frame_end(DCAParseContext * pc1, const uint8_t * buf,
 if (state == pc1->lastmarker && IS_MARKER(state, i, buf, buf_size)) {
 if(pc1->framesize > pc1->size)
 continue;
- if(!pc1->framesize){
- pc1->framesize = pc1->hd_pos ? pc1->hd_pos : pc1->size;
- }
 pc->frame_start_found = 0;
 pc->state = -1;
 pc1->size = 0;
@@ -102,7 +101,7 @@ static av_cold int dca_parse_init(AVCodecParserContext * s)
 }
 static int dca_parse_params(const uint8_t *buf, int buf_size, int *duration,
- int *sample_rate)
+ int *sample_rate, int *framesize)
 {
 GetBitContext gb;
 uint8_t hdr[12 + FF_INPUT_BUFFER_PADDING_SIZE] = { 0 };
@@ -122,7 +121,11 @@ static int dca_parse_params(const uint8_t *buf, int buf_size, int *duration,
 return AVERROR_INVALIDDATA;
 *duration = 256 * (sample_blocks / 8);
- skip_bits(&gb, 20);
+ *framesize = get_bits(&gb, 14) + 1;
+ if (*framesize < 95)
+ return AVERROR_INVALIDDATA;
+
+ skip_bits(&gb, 6);
 sr_code = get_bits(&gb, 4);
 *sample_rate = avpriv_dca_sample_rates[sr_code];
 if (*sample_rate == 0)
@@ -153,7 +156,7 @@ static int dca_parse(AVCodecParserContext * s,
 }
 /* read the duration and sample rate from the frame header */
- if (!dca_parse_params(buf, buf_size, &duration, &sample_rate)) {
+ if (!dca_parse_params(buf, buf_size, &duration, &sample_rate, &pc1->framesize)) {
 s->duration = duration;
 avctx->sample_rate = sample_rate;
 } else
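Review bot: The two added `i++;` lines before `break` in the `@@ -60,10 +60,12 @@` hunk carry no comment, and their purpose cannot be read from the hunk itself; presumably `break` skips the enclosing loop's increment, so without them the code after the loop would consume the marker's last byte a second time. A one-line comment on the first occurrence, such as `/* step past the marker byte: break skips the loop increment */`, would keep a later cleanup from dropping them. The loop header and the code that follows the loop are outside this hunk, so it is worth confirming there that `i == buf_size` is handled after the extra increment.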
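Review bot: In the `@@ -122,7 +121,11 @@` hunk `*framesize` is written straight from the 14-bit header field before any check has passed, and the last hunk passes `&pc1->framesize`, so a header rejected by `*framesize < 95` or by the later `*sample_rate == 0` test still overwrites the parser's stored size. With the fallback removed in the `@@ -78,9 +80,6 @@` hunk, that stored value is the only thing `if(pc1->framesize > pc1->size) continue;` compares against, so a rejected or stale size taken from untrusted stream data can misplace frame boundaries (the field is bounded to 14 bits, so this looks like a desync rather than a memory-safety problem). Read the field into a local, `int fs = get_bits(&gb, 14) + 1;`, test `fs < 95`, and assign `*framesize = fs;` only on the success return. The tail of dca_parse_params and the error branch in dca_parse are outside the visible hunks.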