1
0
mirror of https://github.com/FFmpeg/FFmpeg.git synced 2024-12-23 12:43:46 +02:00

Fixed overreads in TTA decoder with corrupted bistreams.

Originally committed as revision 22176 to svn://svn.ffmpeg.org/ffmpeg/trunk
This commit is contained in:
Laurent Aimar 2010-03-03 19:31:46 +00:00
parent 19c8c4ecf4
commit a9837b58e1

View File

@ -332,9 +332,14 @@ static int tta_decode_frame(AVCodecContext *avctx,
unary--;
}
if (k)
if (get_bits_left(&s->gb) < k)
return -1;
if (k) {
if (k > MIN_CACHE_BITS)
return -1;
value = (unary << k) + get_bits(&s->gb, k);
else
} else
value = unary;
// FIXME: copy paste from original
@ -404,6 +409,8 @@ static int tta_decode_frame(AVCodecContext *avctx,
}
}
if (get_bits_left(&s->gb) < 32)
return -1;
skip_bits(&s->gb, 32); // frame crc
// convert to output buffer