[FFmpeg-cvslog] dv: Fix small overread in audio frequency table.
Alex Converse
git at videolan.org
Sat Feb 11 01:35:36 CET 2012
ffmpeg | branch: master | Alex Converse <alex.converse at gmail.com> | Thu Feb 9 17:11:55 2012 -0800| [0ab3687924457cb4fd81897bd39ab3cc5b699588] | committer: Alex Converse
dv: Fix small overread in audio frequency table.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0ab3687924457cb4fd81897bd39ab3cc5b699588
---
libavformat/dv.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/libavformat/dv.c b/libavformat/dv.c
index 5be6118..0201a80 100644
--- a/libavformat/dv.c
+++ b/libavformat/dv.c
@@ -121,6 +121,9 @@ static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4],
if (quant > 1)
return -1; /* unsupported quantization */
+ if (freq >= FF_ARRAY_ELEMS(dv_audio_frequency))
+ return AVERROR_INVALIDDATA;
+
size = (sys->audio_min_samples[freq] + smpls) * 4; /* 2ch, 2bytes */
half_ch = sys->difseg_size / 2;
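Review bot: The added guard bounds `freq` by the size of `dv_audio_frequency`, but the array indexed on the following line is `sys->audio_min_samples`, a different table. The two presumably have the same number of entries, yet nothing visible in the hunk ties them together, so a later change to either one could silently reintroduce the overread. If `audio_min_samples` is a fixed-size array member, checking against the array that is actually indexed would be more robust: `if (freq >= FF_ARRAY_ELEMS(sys->audio_min_samples))`. Otherwise, a comment such as `/* audio_min_samples[] has one entry per dv_audio_frequency[] entry */` would record the assumption. The body of dv_extract_audio begins and continues outside the hunk, so it cannot be confirmed from here that callers reject a negative return before using it as a size.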
@@ -203,6 +206,12 @@ static int dv_extract_audio_info(DVDemuxContext* c, uint8_t* frame)
stype = (as_pack[3] & 0x1f); /* 0 - 2CH, 2 - 4CH, 3 - 8CH */
quant = as_pack[4] & 0x07; /* 0 - 16bit linear, 1 - 12bit nonlinear */
+ if (freq >= FF_ARRAY_ELEMS(dv_audio_frequency)) {
+ av_log(c->fctx, AV_LOG_ERROR,
+ "Unrecognized audio sample rate index (%d)\n", freq);
+ return 0;
+ }
+
if (stype > 3) {
av_log(c->fctx, AV_LOG_ERROR, "stype %d is invalid\n", stype);
c->ach = 0;
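Review bot: The new early return for an out-of-range `freq` leaves `c->ach` untouched, whereas the `stype > 3` rejection directly below it resets the channel count with `c->ach = 0;`. If `c->ach` still holds a value from an earlier frame, code after this call may go on treating the stream as carrying audio even though this frame's audio header was rejected. Adding `c->ach = 0;` before the `return 0;` would make the two rejection paths consistent. The function body starts and continues outside the hunk, so how the caller uses the return value and `c->ach` cannot be confirmed from here.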