[FFmpeg-devel] [PATCH] Bink file demuxer and audio decoder

[Daniel Verkamp]

On Mon, Jan 19, 2009 at 7:34 AM, Michael Niedermayer <michaelni at gmx.at> wrote:
>> +
>> +    *outdata_size = frame_size;
>> +    while (get_bits_count(gb) / 8 < buf_size) {
>> +        samples += decode_block(s, samples);
>> +        get_bits_align32(gb);
>> +    }
>
> exploitable

I'm actually not convinced this loop (from the original patch) makes
sense at all; I don't think it ever executes more than once given
valid input.  I'll take a look at this in more detail...

> in what way is a file invalid that has more frames?
[...]
> similarly, how is a file invalid when it has a larger w/h?

These limits are the ones the official player uses; I can change or
remove them if desired.

>> +            audio_flags = get_le16(pb);
>> +            ast->codec->channels = audio_flags & BINK_AUD_STEREO ? 2 : 1;
>> +            if (audio_flags & BINK_AUD_USEDCT) {
>> +                ast->codec->extradata = av_malloc(BINK_EXTRADATA_SIZE);
>> +                ast->codec->extradata_size = BINK_EXTRADATA_SIZE;
>> +                *ast->codec->extradata = 1;
>> +            }
>
> why dont you read the flags into extradata ?

Smacker files use a different flag for this, so this wouldn't work for
Bink audio in Smacker files.

Thanks,
-- Daniel Verkamp