[FFmpeg-cvslog] avcodec: fix aac/ac3 parser bitstream buffer size
Michael Niedermayer
git at videolan.org
Thu Mar 12 18:05:25 CET 2015
ffmpeg | branch: release/0.10 | Michael Niedermayer <michaelni at gmx.at> | Fri Aug 22 01:15:57 2014 +0200| [7248e735599bad765e1ef39c3ea9a6d469d74049] | committer: Michael Niedermayer
avcodec: fix aac/ac3 parser bitstream buffer size
Buffers containing copies of the AAC and AC3 header bits were not padded
before parsing, violating init_get_bits() buffer padding requirement,
leading to potential buffer read overflows.
This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer
for parsing the header in each of aac_parser.c and ac3_parser.c.
Based on patch by: Matt Wolenetz <wolenetz at chromium.org>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit fccd85b9f30525f88692f53134eba41f1f2d90db)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7248e735599bad765e1ef39c3ea9a6d469d74049
---
libavcodec/aac_parser.c | 2 +-
libavcodec/ac3_parser.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/aac_parser.c b/libavcodec/aac_parser.c
index a8ef2f3..a6c9ad1 100644
--- a/libavcodec/aac_parser.c
+++ b/libavcodec/aac_parser.c
@@ -34,7 +34,7 @@ static int aac_sync(uint64_t state, AACAC3ParseContext *hdr_info,
int size;
union {
uint64_t u64;
- uint8_t u8[8];
+ uint8_t u8[8 + FF_INPUT_BUFFER_PADDING_SIZE];
} tmp;
tmp.u64 = av_be2ne64(state);
diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c
index 83cc4e0..773f4c2 100644
--- a/libavcodec/ac3_parser.c
+++ b/libavcodec/ac3_parser.c
@@ -147,7 +147,7 @@ static int ac3_sync(uint64_t state, AACAC3ParseContext *hdr_info,
int err;
union {
uint64_t u64;
- uint8_t u8[8];
+ uint8_t u8[8 + FF_INPUT_BUFFER_PADDING_SIZE];
} tmp = { av_be2ne64(state) };
AC3HeaderInfo hdr;
GetBitContext gbc;
More information about the ffmpeg-cvslog
mailing list