[FFmpeg-devel] [PATCH] alsdec: Fix out of ltp_gain_values read.
Michael Niedermayer
michaelni at gmx.at
Sat Mar 10 20:13:07 CET 2012
On Sat, Mar 10, 2012 at 08:02:20PM +0100, Michael Niedermayer wrote:
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> ---
> libavcodec/alsdec.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
> index 1c6e259..e1cec9b 100644
> --- a/libavcodec/alsdec.c
> +++ b/libavcodec/alsdec.c
> @@ -732,6 +732,10 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
> bd->ltp_gain[1] = decode_rice(gb, 2) << 3;
>
> r = get_unary(gb, 0, 4);
> + if (r >= 4U) {
> + av_log(avctx, AV_LOG_ERROR, "ltp_gain_values index out of range\n");
> + return AVERROR_INVALIDDATA;
> + }
thilo, can you confirm this is ok and its not the 4 in get_unary()
thats wrong ?
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
I do not agree with what you have to say, but I'll defend to the death your
right to say it. -- Voltaire
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120310/4655c15d/attachment.asc>
More information about the ffmpeg-devel
mailing list