mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
mp3dec: Fix possibly exploitable crash
I was sadly unable to find a non fuzzed mp3 that uses the
feature that contained the bug (and i searched hard ...), thus
while this fixes the security issue. It may or may not fix
mixed blocks in 8khz mp3s, i cant say due to lack of samples to test.
Security issue exists since: b37d945dd4
Reported-by: Dale Curtis <dalecurtis@google.com>
(Probably) Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
parent
13f0cd681e
commit
94041febc5
@ -213,7 +213,7 @@ static void ff_compute_band_indexes(MPADecodeContext *s, GranuleDef *g)
|
|||||||
else
|
else
|
||||||
g->long_end = 6;
|
g->long_end = 6;
|
||||||
|
|
||||||
g->short_start = 2 + (s->sample_rate_index != 8);
|
g->short_start = 3;
|
||||||
} else {
|
} else {
|
||||||
g->long_end = 0;
|
g->long_end = 0;
|
||||||
g->short_start = 0;
|
g->short_start = 0;
|
||||||
|
Loading…
Reference in New Issue
Block a user