mirror of
https://github.com/FFmpeg/FFmpeg.git
synced 2024-12-23 12:43:46 +02:00
wmalosslessdec: Reset put bit buffer when num_saved_bits is reset.
Fixes CVE-2012-2799 CC:libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Anton Khirnov <anton@khirnov.net>
This commit is contained in:
Michael Niedermayer
Anton Khirnov
parent
d05f72c754
commit
d65d834731
@ -1230,6 +1230,7 @@ static int decode_packet(AVCodecContext *avctx, void *data, int *got_frame_ptr,
|
|||||||
* to decode incomplete frames in the s->len_prefix == 0 case. */
|
* to decode incomplete frames in the s->len_prefix == 0 case. */
|
||||||
s->num_saved_bits = 0;
|
s->num_saved_bits = 0;
|
||||||
s->packet_loss = 0;
|
s->packet_loss = 0;
|
||||||
|
init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
@ -1282,6 +1283,7 @@ static void flush(AVCodecContext *avctx)
|
|||||||
s->next_packet_start = 0;
|
s->next_packet_start = 0;
|
||||||
s->cdlms[0][0].order = 0;
|
s->cdlms[0][0].order = 0;
|
||||||
s->frame.nb_samples = 0;
|
s->frame.nb_samples = 0;
|
||||||
|
init_put_bits(&s->pb, s->frame_data, MAX_FRAMESIZE);
|
||||||
}
|
}
|
||||||
|
|
||||||
AVCodec ff_wmalossless_decoder = {
|
AVCodec ff_wmalossless_decoder = {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user