[FFmpeg-cvslog] Fix a possible endless loop when decoding aac.
Carl Eugen Hoyos
git at videolan.org
Fri Dec 23 11:57:42 CET 2011
ffmpeg | branch: master | Carl Eugen Hoyos <cehoyos at ag.or.at> | Fri Dec 23 11:38:37 2011 +0100| [e5de9289232c5b14572fa13e2435f9adb0b0f1ec] | committer: Carl Eugen Hoyos
Fix a possible endless loop when decoding aac.
Fixes ticket #789.
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5de9289232c5b14572fa13e2435f9adb0b0f1ec
---
libavcodec/aacdec.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index c9ca0a6..8fd7f08 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -809,10 +809,10 @@ static int decode_band_types(AACContext *ac, enum BandType band_type[120],
av_log(ac->avctx, AV_LOG_ERROR, "invalid band type\n");
return -1;
}
- while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1)
+ while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1 && get_bits_left(gb) >= bits)
sect_end += sect_len_incr;
sect_end += sect_len_incr;
- if (get_bits_left(gb) < 0) {
+ if (get_bits_left(gb) < 0 || sect_len_incr == (1 << bits) - 1) {
av_log(ac->avctx, AV_LOG_ERROR, overread_err);
return -1;
}
More information about the ffmpeg-cvslog
mailing list