[FFmpeg-soc] [soc]: r2079 - aac/aac.c
andoma
subversion at mplayerhq.hu
Thu Apr 3 09:49:01 CEST 2008
Author: andoma
Date: Thu Apr 3 09:49:01 2008
New Revision: 2079
Log:
Bail out if escape "codebook" overflows.
Modified:
aac/aac.c
Modified: aac/aac.c
==============================================================================
--- aac/aac.c (original)
+++ aac/aac.c Thu Apr 3 09:49:01 2008
@@ -1268,7 +1268,13 @@ static int decode_spectral_data(AACConte
for (j = 0; j < 2; j++) {
if (ptr[j] == 16) {
int n = 4;
- while (get_bits1(gb)) n++;
+ /* Total length of escape_sequence must be < 22 bits according to spec. */
+ /* ie. max is 11111111110xxxxxxxxxx */
+ while (get_bits1(gb) && n < 15) n++;
+ if(n == 15) {
+ av_log(ac->avccontext, AV_LOG_ERROR, "Error in spectral data, ESC overflow\n");
+ return -1;
+ }
ptr[j] = (1<<n) + get_bits(gb, n);
}
}
More information about the FFmpeg-soc
mailing list