[FFmpeg-devel] [PATCH] alsdec: Fix out of ltp_gain_values read.
Thilo Borgmann
thilo.borgmann at googlemail.com
Sun Mar 11 13:56:05 CET 2012
Am 10.03.12 20:13, schrieb Michael Niedermayer:
> On Sat, Mar 10, 2012 at 08:02:20PM +0100, Michael Niedermayer wrote:
>> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
>> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
>> ---
>> libavcodec/alsdec.c | 4 ++++
>> 1 files changed, 4 insertions(+), 0 deletions(-)
>>
>> diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
>> index 1c6e259..e1cec9b 100644
>> --- a/libavcodec/alsdec.c
>> +++ b/libavcodec/alsdec.c
>> @@ -732,6 +732,10 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd)
>> bd->ltp_gain[1] = decode_rice(gb, 2) << 3;
>>
>> r = get_unary(gb, 0, 4);
>> + if (r >= 4U) {
>> + av_log(avctx, AV_LOG_ERROR, "ltp_gain_values index out of range\n");
>> + return AVERROR_INVALIDDATA;
>> + }
>
> thilo, can you confirm this is ok and its not the 4 in get_unary()
> thats wrong ?
You're right it's the unary that may not be bigger than 3.
Two patches attached, one for the reading of the unary and while I'm on it a
pretty print for another log message.
Thanks!
-Thilo
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: pretty_print_log_message.patch
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120311/8f4d194e/attachment.ksh>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: read_correct_ltp_gain.patch
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20120311/8f4d194e/attachment-0001.ksh>
More information about the ffmpeg-devel
mailing list