[FFmpeg-cvslog] Fixed invalid access in wavpack decoder on corrupted extra bits sub-blocks.

Laurent Aimar git at videolan.org
Thu Sep 22 01:17:26 CEST 2011


ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Wed Sep  7 23:12:32 2011 +0200| [a652bb2857a753a18181fb2e1373f4bf7cf04a46] | committer: Anton Khirnov

Fixed invalid access in wavpack decoder on corrupted extra bits sub-blocks.

Signed-off-by: Martin Storsjö <martin at martin.st>
(cherry picked from commit beefafda639dd53fc59c21d8a7cf8334da9a1062)

Signed-off-by: Anton Khirnov <anton at khirnov.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=a652bb2857a753a18181fb2e1373f4bf7cf04a46
---

 libavcodec/wavpack.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index e4fe217..64725c7 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -385,7 +385,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc, in
     if(s->extra_bits){
         S <<= s->extra_bits;
 
-        if(s->got_extra_bits){
+        if(s->got_extra_bits && get_bits_left(&s->gb_extra_bits) >= s->extra_bits){
             S |= get_bits(&s->gb_extra_bits, s->extra_bits);
             *crc = *crc * 9 + (S&0xffff) * 3 + ((unsigned)S>>16);
         }



More information about the ffmpeg-cvslog mailing list