[FFmpeg-cvslog] wavpack: limit extra_bits to 32 and use get_bits_long
Andreas Cadhalpun
git at videolan.org
Thu Jul 23 02:17:06 CEST 2015
ffmpeg | branch: release/2.6 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Thu Jul 2 23:05:05 2015 +0200| [e812220a304de49abe2a9553692dfd487ec9a888] | committer: Michael Niedermayer
wavpack: limit extra_bits to 32 and use get_bits_long
More than 32 bits can't be stored in an integer and get_bits should not
be used with more than 25 bits.
Reviewed-by: Paul B Mahol <onemda at gmail.com>
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit d0eff8857ceff2601f85037c930cbe61a88b611e)
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
(cherry picked from commit f0af6e705f3b30f7f5afa3c24db27433af6b1bfc)
Signed-off-by: Michael Niedermayer <michael at niedermayer.cc>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e812220a304de49abe2a9553692dfd487ec9a888
---
libavcodec/wavpack.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index d91b66c..554367b 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -271,7 +271,7 @@ static inline int wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc,
if (s->got_extra_bits &&
get_bits_left(&s->gb_extra_bits) >= s->extra_bits) {
- S |= get_bits(&s->gb_extra_bits, s->extra_bits);
+ S |= get_bits_long(&s->gb_extra_bits, s->extra_bits);
*crc = *crc * 9 + (S & 0xffff) * 3 + ((unsigned)S >> 16);
}
}
@@ -835,7 +835,11 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
continue;
}
bytestream2_get_buffer(&gb, val, 4);
- if (val[0]) {
+ if (val[0] > 32) {
+ av_log(avctx, AV_LOG_ERROR,
+ "Invalid INT32INFO, extra_bits = %d (> 32)\n", val[0]);
+ continue;
+ } else if (val[0]) {
s->extra_bits = val[0];
} else if (val[1]) {
s->shift = val[1];
More information about the ffmpeg-cvslog
mailing list