[FFmpeg-cvslog] r22380 - trunk/libavcodec/aacsbr.c
alexc
subversion
Tue Mar 9 10:27:11 CET 2010
Author: alexc
Date: Tue Mar 9 10:27:11 2010
New Revision: 22380
Log:
aacsbr: Check for illegal values of bs_pointer in sbr_read_grid().
Modified:
trunk/libavcodec/aacsbr.c
Modified: trunk/libavcodec/aacsbr.c
==============================================================================
--- trunk/libavcodec/aacsbr.c Tue Mar 9 09:20:11 2010 (r22379)
+++ trunk/libavcodec/aacsbr.c Tue Mar 9 10:27:11 2010 (r22380)
@@ -628,6 +628,8 @@ static int read_sbr_grid(AACContext *ac,
if (ch_data->bs_num_env[1] == 1)
ch_data->bs_amp_res = 0;
+ ch_data->bs_pointer = 0;
+
ch_data->bs_freq_res[1] = get_bits1(gb);
for (i = 1; i < ch_data->bs_num_env[1]; i++)
ch_data->bs_freq_res[i + 1] = ch_data->bs_freq_res[1];
@@ -675,6 +677,12 @@ static int read_sbr_grid(AACContext *ac,
break;
}
+ if (ch_data->bs_pointer > ch_data->bs_num_env[1] + 1) {
+ av_log(ac->avccontext, AV_LOG_ERROR,
+ "Invalid bitstream, bs_pointer points to a middle noise border outside the time borders table: %d\n",
+ ch_data->bs_pointer);
+ return -1;
+ }
if (ch_data->bs_frame_class == FIXFIX && ch_data->bs_num_env[1] > 4) {
av_log(ac->avccontext, AV_LOG_ERROR,
"Invalid bitstream, too many SBR envelopes in FIXFIX type SBR frame: %d\n",
More information about the ffmpeg-cvslog
mailing list