openharmony/third_party_ffmpeg
1
0
Fork 0
mirror of https://gitee.com/openharmony/third_party_ffmpeg synced 2024-11-24 03:39:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

mlpdec: Do not set invalid context in read_restart_header

Browse Source 
The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.

Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
This commit is contained in:
Luca Barbato 2013-07-10 04:35:34 +02:00
parent 2b379a9251
commit e9d394f3fa
1 changed files with 14 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
libavcodec/mlpdec.c
View File

@ -389,9 +389,10 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
uint8_t checksum;
uint8_t lossless_check;
int start_count = get_bits_count(gbp);
const int max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP
? MAX_MATRIX_CHANNEL_MLP
: MAX_MATRIX_CHANNEL_TRUEHD;
int min_channel, max_channel, max_matrix_channel;
const int std_max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP
? MAX_MATRIX_CHANNEL_MLP
: MAX_MATRIX_CHANNEL_TRUEHD;
sync_word = get_bits(gbp, 13);
@ -410,18 +411,18 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
skip_bits(gbp, 16); /* Output timestamp */
s->min_channel = get_bits(gbp, 4);
s->max_channel = get_bits(gbp, 4);
s->max_matrix_channel = get_bits(gbp, 4);
min_channel = get_bits(gbp, 4);
max_channel = get_bits(gbp, 4);
max_matrix_channel = get_bits(gbp, 4);
if (s->max_matrix_channel > max_matrix_channel) {
if (max_matrix_channel > std_max_matrix_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Max matrix channel cannot be greater than %d.\n",
max_matrix_channel);
return AVERROR_INVALIDDATA;
}
if (s->max_channel != s->max_matrix_channel) {
if (max_channel != max_matrix_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Max channel must be equal max matrix channel.\n");
return AVERROR_INVALIDDATA;
@ -437,12 +438,16 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
return AVERROR_PATCHWELCOME;
}
if (s->min_channel > s->max_channel) {
if (min_channel > max_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Substream min channel cannot be greater than max channel.\n");
return AVERROR_INVALIDDATA;
}
s->min_channel = min_channel;
s->max_channel = max_channel;
s->max_matrix_channel = max_matrix_channel;
#if FF_API_REQUEST_CHANNELS
if (m->avctx->request_channels > 0 &&
m->avctx->request_channels <= s->max_channel + 1 &&