1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

mp3dec: Fix possibly exploitable crash

I was sadly unable to find a non fuzzed mp3 that uses the
feature that contained the bug (and i searched hard ...), thus
while this fixes the security issue. It may or may not fix
mixed blocks in 8khz mp3s, i cant say due to lack of samples to test.

Security issue exists since: b37d945dd4

Reported-by: Dale Curtis <dalecurtis@google.com>
(Probably) Found-by: inferno@chromium.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
This commit is contained in:
Michael Niedermayer 2012-09-28 01:38:44 +02:00
parent 13f0cd681e
commit 94041febc5

View File

@ -213,7 +213,7 @@ static void ff_compute_band_indexes(MPADecodeContext *s, GranuleDef *g)
else else
g->long_end = 6; g->long_end = 6;
g->short_start = 2 + (s->sample_rate_index != 8); g->short_start = 3;
} else { } else {
g->long_end = 0; g->long_end = 0;
g->short_start = 0; g->short_start = 0;