[MPlayer-cvslog] r27145 - trunk/libmpcodecs/ad_imaadpcm.c
reimar
subversion at mplayerhq.hu
Sun Jun 29 10:08:52 CEST 2008
Author: reimar
Date: Sun Jun 29 10:08:51 2008
New Revision: 27145
Log:
Add a few size checks to IMA decoder. The code is still a mess though,
but bug # 1114 is probably fixed.
Modified:
trunk/libmpcodecs/ad_imaadpcm.c
Modified: trunk/libmpcodecs/ad_imaadpcm.c
==============================================================================
--- trunk/libmpcodecs/ad_imaadpcm.c (original)
+++ trunk/libmpcodecs/ad_imaadpcm.c Sun Jun 29 10:08:51 2008
@@ -190,6 +190,10 @@ static int qt_ima_adpcm_decode_block(uns
int initial_index_r = 0;
int i;
+ if (channels > 1) channels = 2;
+ if (block_size < channels * QT_IMA_ADPCM_BLOCK_SIZE)
+ return -1;
+
initial_predictor_l = BE_16(&input[0]);
initial_index_l = initial_predictor_l;
@@ -255,6 +259,10 @@ static int ms_ima_adpcm_decode_block(uns
int channel_index_l;
int channel_index_r;
+ if (channels > 1) channels = 2;
+ if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels)
+ return -1;
+
predictor_l = LE_16(&input[0]);
SE_16BIT(predictor_l);
index_l = input[2];
@@ -322,6 +330,10 @@ static int dk4_ima_adpcm_decode_block(un
int index_l = 0;
int index_r = 0;
+ if (channels > 1) channels = 2;
+ if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels)
+ return -1;
+
// the first predictor value goes straight to the output
predictor_l = output[0] = LE_16(&input[0]);
SE_16BIT(predictor_l);
More information about the MPlayer-cvslog
mailing list