[FFmpeg-devel] [PATCH] alsdec: Fix out of ltp_gain_values read.
Michael Niedermayer
michaelni at gmx.at
Sun Mar 11 16:59:32 CET 2012
On Sun, Mar 11, 2012 at 01:56:05PM +0100, Thilo Borgmann wrote:
> Am 10.03.12 20:13, schrieb Michael Niedermayer:
> > On Sat, Mar 10, 2012 at 08:02:20PM +0100, Michael Niedermayer wrote:
> >> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> >> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> >> ---
> >> libavcodec/alsdec.c | 4 ++++
> >> 1 files changed, 4 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
> >> index 1c6e259..e1cec9b 100644
> >> --- a/libavcodec/alsdec.c
> >> +++ b/libavcodec/alsdec.c
> >> @@ -732,6 +732,10 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
> >> bd->ltp_gain[1] = decode_rice(gb, 2) << 3;
> >>
> >> r = get_unary(gb, 0, 4);
> >> + if (r >= 4U) {
> >> + av_log(avctx, AV_LOG_ERROR, "ltp_gain_values index out of range\n");
> >> + return AVERROR_INVALIDDATA;
> >> + }
> >
> > thilo, can you confirm this is ok and its not the 4 in get_unary()
> > thats wrong ?
>
> You're right it's the unary that may not be bigger than 3.
>
> Two patches attached, one for the reading of the unary and while I'm on it a
> pretty print for another log message.
both applied
Thanks
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
No human being will ever know the Truth, for even if they happen to say it
by chance, they would not even known they had done so. -- Xenophanes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120311/63d72b6c/attachment.asc>
More information about the ffmpeg-devel
mailing list