[FFmpeg-devel] [PATCH] latmenc: Fix ALS in LATM.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Tue Apr 10 21:00:29 CEST 2012


"Fix" in so far as at least it will no longer overread and possibly
crash and makes some sense, but no idea whether there is anything
that can play the resulting files (FFmpeg can't).

Signed-off-by: Reimar Döffinger <Reimar.Doeffinger at gmx.de>
---
 libavformat/latmenc.c |    9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/libavformat/latmenc.c b/libavformat/latmenc.c
index c3bb6da..8dd265d 100644
--- a/libavformat/latmenc.c
+++ b/libavformat/latmenc.c
@@ -57,6 +57,11 @@ static int latm_decode_extradata(LATMContext *ctx, uint8_t *buf, int size)
     if (ctx->off < 0)
         return ctx->off;
 
+    if (ctx->object_type == AOT_ALS && (ctx->off & 7)) {
+        // as long as avpriv_mpeg4audio_get_config works correctly this is impossible
+        av_log(ctx, AV_LOG_ERROR, "BUG: ALS offset is not byte-aligned\n");
+        return AVERROR_INVALIDDATA;
+    }
     /* FIXME: are any formats not allowed in LATM? */
 
     if (m4ac.object_type > AOT_SBR && m4ac.object_type != AOT_ALS) {
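
Review bot: the new alignment guard tests ctx->object_type, while the existing check directly below it in the same function tests m4ac.object_type. Unless ctx->object_type has already been assigned from m4ac before this point (no such assignment is visible in the hunk), the guard compares against a stale or zero value and never fires for ALS, leaving the write path to work from an unaligned ctx->off. Suggest testing the freshly parsed value instead: "if (m4ac.object_type == AOT_ALS && (ctx->off & 7))". It would also read better to place the guard after the "not allowed in LATM" check, so that the FIXME comment stays attached to the check it describes.
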
@@ -103,8 +108,8 @@ static int latm_write_frame_header(AVFormatContext *s, PutBitContext *bs)
 
         /* AudioSpecificConfig */
         if (ctx->object_type == AOT_ALS) {
-            header_size = avctx->extradata_size-(ctx->off + 7) >> 3;
-            avpriv_copy_bits(bs, &avctx->extradata[ctx->off], header_size);
+            header_size = avctx->extradata_size-(ctx->off >> 3);
+            avpriv_copy_bits(bs, &avctx->extradata[ctx->off >> 3], header_size);
         } else {
             // + 3 assumes not scalable and dependsOnCoreCoder == 0,
             // see decode_ga_specific_config in libavcodec/aacdec.c
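
Review bot: header_size is now a byte count (extradata_size minus ctx->off >> 3), but it is passed unchanged as the length argument of avpriv_copy_bits(), which takes a length in bits. Only an eighth of the ALS config is therefore written, which may be why nothing can play the result. Suggest "header_size = (avctx->extradata_size - (ctx->off >> 3)) * 8;" or renaming the variable so the unit is explicit. Separately, the overread fix depends on (ctx->off >> 3) never exceeding extradata_size. Since extradata_size can change after latm_decode_extradata() ran, an explicit check here that the difference is not negative, returning an error otherwise, would make the copy safe on its own.
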
-- 
1.7.9.5


