falkTX
/
FFmpeg
mirror of https://github.com/falkTX/FFmpeg.git
1
0
Fork 0
Code Issues 0 Releases 338 Wiki Activity
Browse Source

mlpdec: Do not set invalid context in read_restart_header 

The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
tags/n2.1
Luca Barbato 12 years ago
parent
2b379a9251
commit
e9d394f3fa
1 changed files with 14 additions and 9 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +14
    -9
      libavcodec/mlpdec.c

+ 14
- 9
libavcodec/mlpdec.c View File

@@ -389,9 +389,10 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
uint8_t checksum;
uint8_t lossless_check;
int start_count = get_bits_count(gbp);
const int max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP
? MAX_MATRIX_CHANNEL_MLP
: MAX_MATRIX_CHANNEL_TRUEHD;
int min_channel, max_channel, max_matrix_channel;
const int std_max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP
? MAX_MATRIX_CHANNEL_MLP
: MAX_MATRIX_CHANNEL_TRUEHD;

sync_word = get_bits(gbp, 13);

@@ -410,18 +411,18 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,

skip_bits(gbp, 16); /* Output timestamp */

s->min_channel = get_bits(gbp, 4);
s->max_channel = get_bits(gbp, 4);
s->max_matrix_channel = get_bits(gbp, 4);
min_channel = get_bits(gbp, 4);
max_channel = get_bits(gbp, 4);
max_matrix_channel = get_bits(gbp, 4);

if (s->max_matrix_channel > max_matrix_channel) {
if (max_matrix_channel > std_max_matrix_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Max matrix channel cannot be greater than %d.\n",
max_matrix_channel);
return AVERROR_INVALIDDATA;
}

if (s->max_channel != s->max_matrix_channel) {
if (max_channel != max_matrix_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Max channel must be equal max matrix channel.\n");
return AVERROR_INVALIDDATA;
@@ -437,12 +438,16 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
return AVERROR_PATCHWELCOME;
}

if (s->min_channel > s->max_channel) {
if (min_channel > max_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Substream min channel cannot be greater than max channel.\n");
return AVERROR_INVALIDDATA;
}

s->min_channel = min_channel;
s->max_channel = max_channel;
s->max_matrix_channel = max_matrix_channel;

#if FF_API_REQUEST_CHANNELS
if (m->avctx->request_channels > 0 &&
m->avctx->request_channels <= s->max_channel + 1 &&


Write Preview
Loading…
Cancel
Save