[FFmpeg-devel] [PATCH] alsdec: Fix out of ltp_gain_values read.

Thilo Borgmann thilo.borgmann at googlemail.com
Sun Mar 11 13:56:05 CET 2012


Am 10.03.12 20:13, schrieb Michael Niedermayer:
> On Sat, Mar 10, 2012 at 08:02:20PM +0100, Michael Niedermayer wrote:
>> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
>> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
>> ---
>>  libavcodec/alsdec.c |    4 ++++
>>  1 files changed, 4 insertions(+), 0 deletions(-)
>>
>> diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
>> index 1c6e259..e1cec9b 100644
>> --- a/libavcodec/alsdec.c
>> +++ b/libavcodec/alsdec.c
>> @@ -732,6 +732,10 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
>>              bd->ltp_gain[1]   = decode_rice(gb, 2) << 3;
>>  
>>              r                 = get_unary(gb, 0, 4);
>> +            if (r >= 4U) {
>> +                av_log(avctx, AV_LOG_ERROR, "ltp_gain_values index out of range\n");
>> +                return AVERROR_INVALIDDATA;
>> +            }
> 
> thilo, can you confirm this is ok and its not the 4 in get_unary()
> thats wrong ?

You're right it's the unary that may not be bigger than 3.

Two patches attached, one for the reading of the unary and while I'm on it a
pretty print for another log message.

Thanks!

-Thilo
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pretty_print_log_message.patch
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120311/8f4d194e/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: read_correct_ltp_gain.patch
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120311/8f4d194e/attachment-0001.ksh>


More information about the ffmpeg-devel mailing list