[FFmpeg-cvslog] Fixed invalid access in wavpack decoder on corrupted extra bits sub-blocks.

Laurent Aimar git at videolan.org
Fri Sep 9 00:16:37 CEST 2011


ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Wed Sep  7 23:12:32 2011 +0200| [90edd5df3d8c7a98372532363a86ffc217b3fa82] | committer: Michael Niedermayer

Fixed invalid access in wavpack decoder on corrupted extra bits sub-blocks.

Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit beefafda639dd53fc59c21d8a7cf8334da9a1062)

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=90edd5df3d8c7a98372532363a86ffc217b3fa82
---

 libavcodec/wavpack.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index d510232..f46f925 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -385,7 +385,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in
     if(s->extra_bits){
         S <<= s->extra_bits;
 
-        if(s->got_extra_bits){
+        if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){
             S |= get_bits(&s->gb_extra_bits, s->extra_bits);
             *crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16);
         }



More information about the ffmpeg-cvslog mailing list