[FFmpeg-devel] [PATCH 6/8] Reject invalid deinterleaving parameters in the RM demuxer.
fenrir at elivagar.org
fenrir at elivagar.org
Sat Sep 17 16:56:34 CEST 2011
From: Laurent Aimar <fenrir at videolan.org>
---
libavformat/rmdec.c | 38 ++++++++++++++++++++++++++------------
1 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/libavformat/rmdec.c b/libavformat/rmdec.c
index 81f563e..9c10852 100644
--- a/libavformat/rmdec.c
+++ b/libavformat/rmdec.c
@@ -194,18 +194,6 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
st->codec->codec_id = ff_codec_get_id(ff_rm_codec_tags,
st->codec->codec_tag);
- switch (ast->deint_id) {
- case DEINT_ID_GENR:
- case DEINT_ID_INT0:
- case DEINT_ID_INT4:
- case DEINT_ID_SIPR:
- case DEINT_ID_VBRS:
- case DEINT_ID_VBRF:
- break;
- default:
- av_log(NULL,0,"Unknown interleaver %X\n", ast->deint_id);
- return AVERROR_INVALIDDATA;
- }
switch (st->codec->codec_id) {
case CODEC_ID_AC3:
st->need_parsing = AVSTREAM_PARSE_FULL;
@@ -279,6 +267,32 @@ static int rm_read_audio_stream_info(AVFormatContext *s, AVIOContext *pb,
default:
av_strlcpy(st->codec->codec_name, buf, sizeof(st->codec->codec_name));
}
+ switch (ast->deint_id) {
+ case DEINT_ID_INT4:
+ if (ast->coded_framesize > ast->audio_framesize ||
+ ast->sub_packet_h * ast->coded_framesize > (2 + (ast->sub_packet_h & 1)) * ast->audio_framesize ||
+ !ast->pkt.data)
+ return AVERROR_INVALIDDATA;
+ break;
+ case DEINT_ID_GENR:
+ if (ast->sub_packet_size <= 0 ||
+ ast->sub_packet_size > ast->audio_framesize ||
+ !ast->pkt.data)
+ return AVERROR_INVALIDDATA;
+ break;
+ case DEINT_ID_SIPR:
+ if (!ast->pkt.data)
+ return AVERROR_INVALIDDATA;
+ break;
+ case DEINT_ID_INT0:
+ case DEINT_ID_VBRS:
+ case DEINT_ID_VBRF:
+ break;
+ default:
+ av_log(NULL,0,"Unknown interleaver %X\n", ast->deint_id);
+ return AVERROR_INVALIDDATA;
+ }
+
if (read_all) {
avio_r8(pb);
avio_r8(pb);
--
1.7.2.5
More information about the ffmpeg-devel
mailing list