[SCM] libav/experimental: Fixed overreads in TTA decoder with corrupted bistreams.

siretart at users.alioth.debian.org siretart at users.alioth.debian.org
Sun Jun 30 17:02:40 UTC 2013


The following commit has been merged in the experimental branch:
commit a9837b58e1b060ed31753821536de128a0deaf26
Author: Laurent Aimar <fenrir at videolan.org>
Date:   Wed Mar 3 19:31:46 2010 +0000

    Fixed overreads in TTA decoder with corrupted bistreams.
    
    Originally committed as revision 22176 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index b26724b..7dd4cc5 100644
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -332,9 +332,14 @@ static int tta_decode_frame(AVCodecContext *avctx,
                 unary--;
             }
 
-            if (k)
+            if (get_bits_left(&s->gb) < k)
+                return -1;
+
+            if (k) {
+                if (k > MIN_CACHE_BITS)
+                    return -1;
                 value = (unary << k) + get_bits(&s->gb, k);
-            else
+            } else
                 value = unary;
 
             // FIXME: copy paste from original
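Review bot: The new guard `get_bits_left(&s->gb) < k` compares a signed bit count against `k`, so if `k` is declared unsigned (its declaration is outside the hunk) a negative remaining count, as left by an earlier overread, would be converted to a large unsigned value and the check would pass. Testing the range first and comparing as signed closes that gap: `if (k > MIN_CACHE_BITS || get_bits_left(&s->gb) < (int)k) return -1;`. The unary prefix is consumed before any bits-left check visible in this hunk, so it is worth confirming in the rest of tta_decode_frame that this read is also bounded on a truncated stream.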
@@ -404,6 +409,8 @@ static int tta_decode_frame(AVCodecContext *avctx,
             }
         }
 
+        if (get_bits_left(&s->gb) < 32)
+            return -1;
         skip_bits(&s->gb, 32); // frame crc
 
         // convert to output buffer
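Review bot: The new check before `skip_bits(&s->gb, 32)` fails with a bare `return -1` and no diagnostic, so a truncated frame cannot be told apart from any other decode failure when triaging corrupted input. I would log before returning, for example `av_log(avctx, AV_LOG_ERROR, "truncated frame, CRC missing\n");`, and do the same for the two early returns added in the first hunk. The visible line still only skips the frame CRC rather than verifying it, so this length check catches truncation but not a complete frame with corrupted contents. A short comment saying so would keep readers from assuming integrity is checked here. tta_decode_frame begins and ends outside the hunk.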

-- 
Libav/FFmpeg packaging


