[FFmpeg-cvslog] avcodec/aacsbr: check that the element type matches before applying SBR

Michael Niedermayer git at videolan.org
Mon Jul 20 10:48:26 CEST 2015


ffmpeg | branch: release/2.6 | Michael Niedermayer <michaelni at gmx.at> | Wed Jul  1 02:05:43 2015 +0200| [1674c5beafc4004587a0c7d84e7c94d665cd71e0] | committer: Michael Niedermayer

avcodec/aacsbr: check that the element type matches before applying SBR

Fixes out of array access
Fixes: signal_sigsegv_3670fc0_2818_cov_2307326154_moon.mux

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 79a98294da6cd85f8c86b34764c5e0c43b09eea3)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1674c5beafc4004587a0c7d84e7c94d665cd71e0
---

 libavcodec/aacsbr.c |    8 ++++++++
 libavcodec/sbr.h    |    1 +
 2 files changed, 9 insertions(+)

diff --git a/libavcodec/aacsbr.c b/libavcodec/aacsbr.c
index 29ec2d5..eb00f88 100644
--- a/libavcodec/aacsbr.c
+++ b/libavcodec/aacsbr.c
@@ -1018,6 +1018,8 @@ static unsigned int read_sbr_data(AACContext *ac, SpectralBandReplication *sbr,
 {
     unsigned int cnt = get_bits_count(gb);
 
+    sbr->id_aac = id_aac;
+
     if (id_aac == TYPE_SCE || id_aac == TYPE_CCE) {
         if (read_sbr_single_channel_element(ac, sbr, gb)) {
             sbr_turnoff(sbr);
@@ -1694,6 +1696,12 @@ void ff_sbr_apply(AACContext *ac, SpectralBandReplication *sbr, int id_aac,
     int nch = (id_aac == TYPE_CPE) ? 2 : 1;
     int err;
 
+    if (id_aac != sbr->id_aac) {
+        av_log(ac->avctx, AV_LOG_ERROR,
+            "element type mismatch %d != %d\n", id_aac, sbr->id_aac);
+        sbr_turnoff(sbr);
+    }
+
     if (!sbr->kx_and_m_pushed) {
         sbr->kx[0] = sbr->kx[1];
         sbr->m[0] = sbr->m[1];
diff --git a/libavcodec/sbr.h b/libavcodec/sbr.h
index e28fccd..ff00acb 100644
--- a/libavcodec/sbr.h
+++ b/libavcodec/sbr.h
@@ -137,6 +137,7 @@ typedef struct AACSBRContext {
 struct SpectralBandReplication {
     int                sample_rate;
     int                start;
+    int                id_aac;
     int                reset;
     SpectrumParameters spectrum_params;
     int                bs_amp_res_header;



More information about the ffmpeg-cvslog mailing list