[FFmpeg-devel] [PATCH 7/7] atrac3plus: Prevent array out-of-bounds

Timothy Gu timothygu99 at gmail.com
Fri Feb 6 08:32:56 CET 2015


On Thu Feb 05 2015 at 11:07:01 PM Timothy Gu <timothygu99 at gmail.com> wrote:

> (num_quant_units - 1) is later used as an index to atrac3p_qu_to_subband,
> which only has 32 elements (i.e. maximum of num_quant_units is 32).
> ---
>  libavcodec/atrac3plus.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>

Note that this doesn't actually fix any problem else than a GCC warning.


>
> diff --git a/libavcodec/atrac3plus.c b/libavcodec/atrac3plus.c
> index 575a493..b215b02 100644
> --- a/libavcodec/atrac3plus.c
> +++ b/libavcodec/atrac3plus.c
> @@ -1768,7 +1768,7 @@ int ff_atrac3p_decode_channel_unit(GetBitContext
> *gb, Atrac3pChanUnitCtx *ctx,
>
>      /* parse sound header */
>      ctx->num_quant_units = get_bits(gb, 5) + 1;
>

num_quant_units can only be <= (2^5 - 1) + 1, which is <= 32.

This just makes it easier for GCC to see that.


> -    if (ctx->num_quant_units > 28 && ctx->num_quant_units < 32) {
> +    if (ctx->num_quant_units > 28 && ctx->num_quant_units != 32) {
>          av_log(avctx, AV_LOG_ERROR,
>                 "Invalid number of quantization units: %d!\n",
>                 ctx->num_quant_units);
>

Timothy


More information about the ffmpeg-devel mailing list