[Ffmpeg-devel] [PATCH] flac crash when pred_order too big
Reimar Döffinger
Reimar.Doeffinger
Tue Jan 16 22:10:43 CET 2007
Hello,
On Tue, Jan 16, 2007 at 04:00:53PM +0100, Reimar Doeffinger wrote:
> Hello,
> attached patch fixes a crash when pred_order > s->blocksize >>
> rice_order, as exposed by http://sam.zoy.org/zzuf/lol-mplayer.flac
> Since I do not know the spec i have no idea if this patch is the correct
> way to fix it though (though it is very simple and looks like it could
> make sense).
Alternative version, aborts with return -1;
Greetings,
Reimar Doeffinger
-------------- next part --------------
Index: libavcodec/flac.c
===================================================================
--- libavcodec/flac.c (revision 7544)
+++ libavcodec/flac.c (working copy)
@@ -225,6 +225,10 @@
rice_order = get_bits(&s->gb, 4);
samples= s->blocksize >> rice_order;
+ if (pred_order > samples) {
+ av_log(s->avctx, AV_LOG_ERROR, "invalid predictor order: %i > %i\n", pred_order, samples);
+ return -1;
+ }
sample=
i= pred_order;
More information about the ffmpeg-devel
mailing list