falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

avcodec/aacdec: Fix pulse position checks in decode_pulses() 

Fixes out of array read
Fixes: asan_static-oob_1efed25_1887_cov_2013541199_HeyYa_RA10_AAC_192K_30s.rm
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
tags/n2.2-rc1
Michael Niedermayer 11 years ago
parent
4d7d9a5782
commit
6e42ccb9db
1 changed files with 2 additions and 2 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +2
    -2
      libavcodec/aacdec.c

+ 2
- 2
libavcodec/aacdec.c View File

@@ -1426,12 +1426,12 @@ static int decode_pulses(Pulse *pulse, GetBitContext *gb,
return -1; return -1;
pulse->pos[0] = swb_offset[pulse_swb]; pulse->pos[0] = swb_offset[pulse_swb];
pulse->pos[0] += get_bits(gb, 5); pulse->pos[0] += get_bits(gb, 5);
if (pulse->pos[0] > 1023)
if (pulse->pos[0] >= swb_offset[num_swb])
return -1; return -1;
pulse->amp[0] = get_bits(gb, 4); pulse->amp[0] = get_bits(gb, 4);
for (i = 1; i < pulse->num_pulse; i++) { for (i = 1; i < pulse->num_pulse; i++) {
pulse->pos[i] = get_bits(gb, 5) + pulse->pos[i - 1]; pulse->pos[i] = get_bits(gb, 5) + pulse->pos[i - 1];
if (pulse->pos[i] > 1023)
if (pulse->pos[i] >= swb_offset[num_swb])
return -1; return -1;
pulse->amp[i] = get_bits(gb, 4); pulse->amp[i] = get_bits(gb, 4);
} }


Write Preview
Loading…
Cancel
Save