[FFmpeg-cvslog] avcodec/aacdec: Fix pulse position checks in decode_pulses()
Michael Niedermayer
git at videolan.org
Sun Feb 23 17:46:56 CET 2014
ffmpeg | branch: release/2.1 | Michael Niedermayer <michaelni at gmx.at> | Mon Feb 3 05:04:42 2014 +0100| [9fb364babdc7788bf955100958ef596448e5c1b1] | committer: Michael Niedermayer
avcodec/aacdec: Fix pulse position checks in decode_pulses()
Fixes out of array read
Fixes: asan_static-oob_1efed25_1887_cov_2013541199_HeyYa_RA10_AAC_192K_30s.rm
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 6e42ccb9dbc13836cd52cda594f819d17af9afa2)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=9fb364babdc7788bf955100958ef596448e5c1b1
---
libavcodec/aacdec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index 396aa44..4071257 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -1405,12 +1405,12 @@ static int decode_pulses(Pulse *pulse, GetBitContext *gb,
return -1;
pulse->pos[0] = swb_offset[pulse_swb];
pulse->pos[0] += get_bits(gb, 5);
- if (pulse->pos[0] > 1023)
+ if (pulse->pos[0] >= swb_offset[num_swb])
return -1;
pulse->amp[0] = get_bits(gb, 4);
for (i = 1; i < pulse->num_pulse; i++) {
pulse->pos[i] = get_bits(gb, 5) + pulse->pos[i - 1];
- if (pulse->pos[i] > 1023)
+ if (pulse->pos[i] >= swb_offset[num_swb])
return -1;
pulse->amp[i] = get_bits(gb, 4);
}
More information about the ffmpeg-cvslog
mailing list