[FFmpeg-devel] [PATCH] wmavoice: limit wmavoice_decode_packet return value to packet size

Andreas Cadhalpun andreas.cadhalpun at googlemail.com
Sun Jun 28 11:28:37 CEST 2015


On 27.06.2015 23:01, Michael Niedermayer wrote:
> On Sat, Jun 27, 2015 at 08:36:15PM +0200, Andreas Cadhalpun wrote:
>> Claiming to have decoded more bytes than the packet size is wrong.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>>  libavcodec/wmavoice.c | 4 ++--
>>  1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
>> index ae88d4e..6cd407a 100644
>> --- a/libavcodec/wmavoice.c
>> +++ b/libavcodec/wmavoice.c
>> @@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data,
>>                      *got_frame_ptr) {
>>                      cnt += s->spillover_nbits;
>>                      s->skip_bits_next = cnt & 7;
>> -                    return cnt >> 3;
>> +                    return FFMIN(cnt >> 3, avpkt->size);
>>                  } else
>>                      skip_bits_long (gb, s->spillover_nbits - cnt +
>>                                      get_bits_count(gb)); // resync
>> @@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data,
>>      } else if (*got_frame_ptr) {
>>          int cnt = get_bits_count(gb);
>>          s->skip_bits_next = cnt & 7;
>> -        return cnt >> 3;
>> +        return FFMIN(cnt >> 3, avpkt->size);
>>      } else if ((s->sframe_cache_size = pos) > 0) {
>>          /* rewind bit reader to start of last (incomplete) superframe... */
>>          init_get_bits(gb, avpkt->data, size << 3);
> 
> am i assuming correct that gb was read beyond its end ?

That only happens in the second case, not in the first.

> if so this maybe should be treated as an error instead of cliping

Treating one like an error, but not the other seems strange as well.
One could add an explode mode for both. Would that be better?

Best regards,
Andreas


More information about the ffmpeg-devel mailing list