From 92465a2347d959cbd9864b017a39b2a4ab9313ff Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Wed, 13 Jan 2016 22:33:59 +0100 Subject: [PATCH] avcodec/aacenc: Check for +-Inf too Fixes out of array read Fixes: 04442da73d935b776d2236282588d4f9/signal_sigsegv_2625a69_8790_ae85ffc889070663319b3417ede777b0.mov Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer --- libavcodec/aacenc.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c index 2a3fc6e1c4..9a7d3a8c4b 100644 --- a/libavcodec/aacenc.c +++ b/libavcodec/aacenc.c @@ -606,16 +606,16 @@ static int aac_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, s->mdct1024.mdct_calc(&s->mdct1024, sce->lcoeffs, sce->ret_buf); } - if (isnan(cpe->ch->coeffs[0]) || - isnan(cpe->ch->coeffs[ 128]) || - isnan(cpe->ch->coeffs[2*128]) || - isnan(cpe->ch->coeffs[3*128]) || - isnan(cpe->ch->coeffs[4*128]) || - isnan(cpe->ch->coeffs[5*128]) || - isnan(cpe->ch->coeffs[6*128]) || - isnan(cpe->ch->coeffs[7*128]) + if (isnan(cpe->ch->coeffs[ 0]) || isinf(cpe->ch->coeffs[ 0]) || + isnan(cpe->ch->coeffs[ 128]) || isinf(cpe->ch->coeffs[ 128]) || + isnan(cpe->ch->coeffs[2*128]) || isinf(cpe->ch->coeffs[2*128]) || + isnan(cpe->ch->coeffs[3*128]) || isinf(cpe->ch->coeffs[3*128]) || + isnan(cpe->ch->coeffs[4*128]) || isinf(cpe->ch->coeffs[4*128]) || + isnan(cpe->ch->coeffs[5*128]) || isinf(cpe->ch->coeffs[5*128]) || + isnan(cpe->ch->coeffs[6*128]) || isinf(cpe->ch->coeffs[6*128]) || + isnan(cpe->ch->coeffs[7*128]) || isinf(cpe->ch->coeffs[7*128]) ) { - av_log(avctx, AV_LOG_ERROR, "Input contains NaN\n"); + av_log(avctx, AV_LOG_ERROR, "Input contains NaN/+-Inf\n"); return AVERROR(EINVAL); } avoid_clipping(s, sce);