[FFmpeg-cvslog] r26291 - trunk/libavcodec/dca.c

cehoyos subversion
Mon Jan 10 00:01:02 CET 2011


Author: cehoyos
Date: Mon Jan 10 00:01:01 2011
New Revision: 26291

Log:
Fix reading over the end of the allocated buffer.

Patch by Anssi Hannula, anssi d hannula a iki d fi

Modified:
   trunk/libavcodec/dca.c

Modified: trunk/libavcodec/dca.c
==============================================================================
--- trunk/libavcodec/dca.c	Sun Jan  9 20:57:11 2011	(r26290)
+++ trunk/libavcodec/dca.c	Mon Jan 10 00:01:01 2011	(r26291)
@@ -219,6 +219,8 @@ static const int8_t dca_channel_reorder_
 #define DCA_MAX_FRAME_SIZE 16384
 #define DCA_MAX_EXSS_HEADER_SIZE 4096
 
+#define DCA_BUFFER_PADDING_SIZE 1024
+
 /** Bit allocation */
 typedef struct {
     int offset;                 ///< code values offset
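Review bot: `DCA_BUFFER_PADDING_SIZE` is added with no comment saying what it protects against or why 1024 bytes is enough, so a later reader cannot tell whether it is a derived bound or a guess. I would add a Doxygen line above it such as `/** Slack after the frame data so that bit reads past the end, caught by the next get_bits_left() check, stay inside dca_buffer */`. If 1024 comes from the largest run of bits parsed between two checks, state that derivation. If it does not, say so, because the checks added further down only detect an overread after it has happened.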
@@ -315,7 +317,7 @@ typedef struct {
     DECLARE_ALIGNED(16, float, samples)[(DCA_PRIM_CHANNELS_MAX+1)*256];
     const float *samples_chanptr[DCA_PRIM_CHANNELS_MAX+1];
 
-    uint8_t dca_buffer[DCA_MAX_FRAME_SIZE + DCA_MAX_EXSS_HEADER_SIZE];
+    uint8_t dca_buffer[DCA_MAX_FRAME_SIZE + DCA_MAX_EXSS_HEADER_SIZE + DCA_BUFFER_PADDING_SIZE];
     int dca_buffer_size;        ///< how much data is in the dca_buffer
 
     const int8_t* channel_order_tab;                             ///< channel reordering table, lfe and non lfe
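Review bot: The extra `DCA_BUFFER_PADDING_SIZE` bytes in `dca_buffer` only help if the code that fills the buffer keeps limiting input to `DCA_MAX_FRAME_SIZE + DCA_MAX_EXSS_HEADER_SIZE`; that code is not in this diff, so this needs confirming. If any copy or conversion call is bounded by `sizeof(s->dca_buffer)`, frame data could now occupy the padding and the overread margin would be gone. It is also not visible here whether the padding bytes are cleared, so an overread may parse leftovers from an earlier frame until the next `get_bits_left()` check. A comment on the field, e.g. `///< frame data plus DCA_BUFFER_PADDING_SIZE bytes of overread slack, never filled past the unpadded size`, would record the invariant.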
@@ -605,6 +607,9 @@ static int dca_subframe_header(DCAContex
     /* Primary audio coding side information */
     int j, k;
 
+    if (get_bits_left(&s->gb) < 0)
+        return -1;
+
     if (!base_channel) {
         s->subsubframes[s->current_subframe] = get_bits(&s->gb, 2) + 1;
         s->partial_samples[s->current_subframe] = get_bits(&s->gb, 3);
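Review bot: `get_bits_left(&s->gb) < 0` at the top of `dca_subframe_header` reports an overread that has already taken place, so memory safety between two checks depends entirely on `DCA_BUFFER_PADDING_SIZE` exceeding the most data the parser can consume in that stretch. The same applies to the checks added at new lines 669 and 707 and to the one inside the channel loop of `dca_subsubframe` at new line 1067. Nothing in the diff establishes that bound, so it should be argued in a comment at the check or enforced by testing the required bit count before each long read loop. The bare `return -1` also gives no sign that the frame was truncated; a log message at each site would make malformed streams visible to whoever is triaging a crash or a fuzzing report. Both functions extend beyond the hunks shown.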
@@ -661,6 +666,9 @@ static int dca_subframe_header(DCAContex
         }
     }
 
+    if (get_bits_left(&s->gb) < 0)
+        return -1;
+
     for (j = base_channel; j < s->prim_channels; j++) {
         const uint32_t *scale_table;
         int scale_sum;
@@ -696,6 +704,9 @@ static int dca_subframe_header(DCAContex
             s->joint_huff[j] = get_bits(&s->gb, 3);
     }
 
+    if (get_bits_left(&s->gb) < 0)
+        return -1;
+
     /* Scale factors for joint subband coding */
     for (j = base_channel; j < s->prim_channels; j++) {
         int source_channel;
@@ -1053,6 +1064,9 @@ static int dca_subsubframe(DCAContext * 
         quant_step_table = lossy_quant_d;
 
     for (k = base_channel; k < s->prim_channels; k++) {
+        if (get_bits_left(&s->gb) < 0)
+            return -1;
+
         for (l = 0; l < s->vq_start_subband[k]; l++) {
             int m;
 


