[FFmpeg-cvslog] r22176 - trunk/libavcodec/tta.c
fenrir
subversion
Wed Mar 3 20:31:46 CET 2010
Author: fenrir
Date: Wed Mar 3 20:31:46 2010
New Revision: 22176
Log:
Fixed overreads in TTA decoder with corrupted bitstreams.
Modified:
trunk/libavcodec/tta.c
Modified: trunk/libavcodec/tta.c
==============================================================================
--- trunk/libavcodec/tta.c Wed Mar 3 19:41:50 2010 (r22175)
+++ trunk/libavcodec/tta.c Wed Mar 3 20:31:46 2010 (r22176)
@@ -332,9 +332,14 @@ static int tta_decode_frame(AVCodecConte
unary--;
}
- if (k)
+ if (get_bits_left(&s->gb) < k)
+ return -1;
+
+ if (k) {
+ if (k > MIN_CACHE_BITS)
+ return -1;
value = (unary << k) + get_bits(&s->gb, k);
- else
+ } else
value = unary;
// FIXME: copy paste from original
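Review bot: The new guard `if (get_bits_left(&s->gb) < k)` compares a signed bit count against `k`, whose declaration is outside this hunk; if `k` is an unsigned type, a negative result from get_bits_left() (possible once the reader is already past the end of the buffer) converts to a large unsigned value and the check passes. Testing the range first and comparing as signed avoids that: `if (k > MIN_CACHE_BITS || get_bits_left(&s->gb) < (int)k) return -1;`. The unary read that ends at `unary--` is only partly visible here, so whether it is itself bounded on a truncated input cannot be confirmed from this hunk. tta_decode_frame starts and ends outside the hunk.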
@@ -404,6 +409,8 @@ static int tta_decode_frame(AVCodecConte
}
}
+ if (get_bits_left(&s->gb) < 32)
+ return -1;
skip_bits(&s->gb, 32); // frame crc
// convert to output buffer
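Review bot: The frame CRC is still skipped rather than verified after the new `get_bits_left(&s->gb) < 32` check, so a corrupted frame that stays inside the buffer is decoded and passed on with no integrity check. If verification is deliberately left out, the comment should say so, e.g. `// frame crc (not verified)`. Both new `return -1;` paths (here and in the hunk at -332) are also silent, so a log message naming the truncated read would make corrupted-input reports easier to triage. The function body continues outside the hunk.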