[FFmpeg-cvslog] mlpdec: Do not set invalid context in read_restart_header
Luca Barbato
git at videolan.org
Tue Aug 27 18:02:16 CEST 2013
ffmpeg | branch: release/1.1 | Luca Barbato <lu_zero at gentoo.org> | Wed Jul 10 04:35:34 2013 +0200| [cbc12124999b633a02f25bc6f6fa895a7cf656da] | committer: Luca Barbato
mlpdec: Do not set invalid context in read_restart_header
The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
(cherry picked from commit e9d394f3fad7e8fd8fc80e3b33cb045bbaceb446)
Signed-off-by: Luca Barbato <lu_zero at gentoo.org>
Conflicts:
libavcodec/mlpdec.c
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=cbc12124999b633a02f25bc6f6fa895a7cf656da
---
libavcodec/mlpdec.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c
index 0eaf2e3..d999495 100644
--- a/libavcodec/mlpdec.c
+++ b/libavcodec/mlpdec.c
@@ -392,9 +392,10 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
uint8_t checksum;
uint8_t lossless_check;
int start_count = get_bits_count(gbp);
- const int max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP
- ? MAX_MATRIX_CHANNEL_MLP
- : MAX_MATRIX_CHANNEL_TRUEHD;
+ int min_channel, max_channel, max_matrix_channel;
+ const int std_max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP
+ ? MAX_MATRIX_CHANNEL_MLP
+ : MAX_MATRIX_CHANNEL_TRUEHD;
sync_word = get_bits(gbp, 13);
@@ -413,18 +414,18 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
skip_bits(gbp, 16); /* Output timestamp */
- s->min_channel = get_bits(gbp, 4);
- s->max_channel = get_bits(gbp, 4);
- s->max_matrix_channel = get_bits(gbp, 4);
+ min_channel = get_bits(gbp, 4);
+ max_channel = get_bits(gbp, 4);
+ max_matrix_channel = get_bits(gbp, 4);
- if (s->max_matrix_channel > max_matrix_channel) {
+ if (max_matrix_channel > std_max_matrix_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Max matrix channel cannot be greater than %d.\n",
max_matrix_channel);
return AVERROR_INVALIDDATA;
}
- if (s->max_channel != s->max_matrix_channel) {
+ if (max_channel != max_matrix_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Max channel must be equal max matrix channel.\n");
return AVERROR_INVALIDDATA;
@@ -439,15 +440,20 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp,
return AVERROR_PATCHWELCOME;
}
- if (s->min_channel > s->max_channel) {
+ if (min_channel > max_channel) {
av_log(m->avctx, AV_LOG_ERROR,
"Substream min channel cannot be greater than max channel.\n");
return AVERROR_INVALIDDATA;
}
- if (m->avctx->request_channels > 0
- && s->max_channel + 1 >= m->avctx->request_channels
- && substr < m->max_decoded_substream) {
+
+ s->min_channel = min_channel;
+ s->max_channel = max_channel;
+ s->max_matrix_channel = max_matrix_channel;
+
+ if (m->avctx->request_channels > 0 &&
+ m->avctx->request_channels <= s->max_channel + 1 &&
+ m->max_decoded_substream > substr) {
av_log(m->avctx, AV_LOG_DEBUG,
"Extracting %d channel downmix from substream %d. "
"Further substreams will be skipped.\n",
More information about the ffmpeg-cvslog
mailing list