falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

prevent infinite loop and memcpy of negative amounts 

fixes issue194

Originally committed as revision 10726 to svn://svn.ffmpeg.org/ffmpeg/trunk
tags/v0.5
Michael Niedermayer 17 years ago
parent
972c5f9e10
commit
4d570f94ba
2 changed files with 6 additions and 0 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +3
    -0
      libavcodec/aac_parser.c
  2. +3
    -0
      libavcodec/ac3_parser.c

+ 3
- 0
libavcodec/aac_parser.c View File

@@ -67,6 +67,9 @@ static int aac_sync(const uint8_t *buf, int *channels, int *sample_rate,
skip_bits1(&bits); /* copyright_identification_bit */ skip_bits1(&bits); /* copyright_identification_bit */
skip_bits1(&bits); /* copyright_identification_start */ skip_bits1(&bits); /* copyright_identification_start */
size = get_bits(&bits, 13); /* aac_frame_length */ size = get_bits(&bits, 13); /* aac_frame_length */
if(size < AAC_HEADER_SIZE)
return 0;

skip_bits(&bits, 11); /* adts_buffer_fullness */ skip_bits(&bits, 11); /* adts_buffer_fullness */
rdb = get_bits(&bits, 2); /* number_of_raw_data_blocks_in_frame */ rdb = get_bits(&bits, 2); /* number_of_raw_data_blocks_in_frame */




+ 3
- 0
libavcodec/ac3_parser.c View File

@@ -114,6 +114,9 @@ static int ac3_sync(const uint8_t *buf, int *channels, int *sample_rate,
return 0; /* Currently don't support additional streams */ return 0; /* Currently don't support additional streams */


frmsiz = get_bits(&bits, 11) + 1; frmsiz = get_bits(&bits, 11) + 1;
if(frmsiz*2 < AC3_HEADER_SIZE)
return 0;

fscod = get_bits(&bits, 2); fscod = get_bits(&bits, 2);
if (fscod == 3) { if (fscod == 3) {
fscod2 = get_bits(&bits, 2); fscod2 = get_bits(&bits, 2);


Write Preview
Loading…
Cancel
Save