[FFmpeg-devel] [PATCH] cook: avoid out of global array read.

Reimar Döffinger Reimar.Doeffinger at gmx.de
Tue Feb 28 20:41:43 CET 2012


On Tue, Feb 28, 2012 at 08:10:21PM +0100, Michael Niedermayer wrote:
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> ---
>  libavcodec/cook.c |   41 +++++++++++++++++++++++++++++------------
>  1 files changed, 29 insertions(+), 12 deletions(-)
> 
> diff --git a/libavcodec/cook.c b/libavcodec/cook.c
> index 08b51d8..920f527 100644
> --- a/libavcodec/cook.c
> +++ b/libavcodec/cook.c
> @@ -366,7 +366,7 @@ static void decode_gain_info(GetBitContext *gb, int *gaininfo)
>   * @param q                 pointer to the COOKContext
>   * @param quant_index_table pointer to the array
>   */
> -static void decode_envelope(COOKContext *q, COOKSubpacket *p,
> +static int decode_envelope(COOKContext *q, COOKSubpacket *p,
>                              int *quant_index_table)
>  {
>      int i, j, vlc_index;
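Review bot: The doc comment kept as context above the changed signature documents only `q` and `quant_index_table`, so with decode_envelope now returning int it needs a @return line stating what comes back on success and on failure. A @param entry for `p` is missing from the visible lines as well. Callers also have to check and propagate the new return value for the error path to have any effect.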
> @@ -388,7 +388,14 @@ static void decode_envelope(COOKContext *q, COOKSubpacket *p,
>          j = get_vlc2(&q->gb, q->envelope_quant_index[vlc_index - 1].table,
>                       q->envelope_quant_index[vlc_index - 1].bits, 2);
>          quant_index_table[i] = quant_index_table[i - 1] + j - 12; // differential encoding
> +
> +        if (quant_index_table[i] < -63 || quant_index_table[i] > 64) {
> +            av_log_ask_for_sample(NULL, "quant_index_table value out of bounds\n");
> +            return AVERROR_PATCHWELCOME;
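Review bot: The limits -63 and 64 in the new range check are bare literals, with no comment or named constant tying them to the array that the commit subject says is being read out of bounds. Derive them from that table's dimensions, or add a comment naming the table they protect, so the check cannot silently drift if the table changes. The call `av_log_ask_for_sample(NULL, ...)` also passes a NULL logging context, so the message will not identify the decoder instance; pass the codec context reachable from `q` if there is one.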

Is there a reason to believe this indicates an unimplemented feature
and not a broken file?
If yes, that should be documented.
If not, I think this should return AVERROR_INVALIDDATA.
Though I'd actually consider just clamping it to the valid range,
that also has the advantage of not needing all the other changes
(though in principle it might not hurt to have a way to properly
return errors).
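Added example, not part of the original message and not FFmpeg code: the two policies discussed above (rejecting the packet versus clamping) applied to the same differential decode, using the -63..64 bounds from the quoted patch. The function names, the `ERR_INVALID` code, the `first` parameter and the sample symbols are assumptions made for illustration; symbols are assumed to be small VLC outputs.

```c
#include <stdio.h>
#include <stddef.h>

#define QIDX_MIN    (-63)  /* bounds taken from the check in the quoted patch */
#define QIDX_MAX      64
#define ERR_INVALID  (-1)  /* hypothetical stand-in for an AVERROR code */

/* Reject policy: stop at the first out-of-range value. The caller must
 * check the result, which is why the patch changes the return type. */
static int envelope_reject(const int *sym, size_t n, int first, int *out)
{
    if (n == 0 || first < QIDX_MIN || first > QIDX_MAX)
        return ERR_INVALID;
    out[0] = first;
    for (size_t i = 1; i < n; i++) {
        int v = out[i - 1] + sym[i] - 12;   /* differential encoding */
        if (v < QIDX_MIN || v > QIDX_MAX)
            return ERR_INVALID;
        out[i] = v;
    }
    return 0;
}

static int clamp(int v)
{
    return v < QIDX_MIN ? QIDX_MIN : v > QIDX_MAX ? QIDX_MAX : v;
}

/* Clamp policy: every stored value is in range, so no error path is needed,
 * but a clamped value shifts all later values decoded relative to it. */
static void envelope_clamp(const int *sym, size_t n, int first, int *out)
{
    if (n == 0)
        return;
    out[0] = clamp(first);
    for (size_t i = 1; i < n; i++)
        out[i] = clamp(out[i - 1] + sym[i] - 12);
}

/* Constructed input: deltas +2, +4, -2, -12 starting at 60 (sym[0] unused). */
static const int SYM[5] = { 0, 14, 16, 10, 0 };

int demo_reject(void) { int out[5]; return envelope_reject(SYM, 5, 60, out); }
int demo_clamp_at(size_t i) { int out[5]; envelope_clamp(SYM, 5, 60, out); return out[i]; }

int main(void)
{
    printf("reject: %d\n", demo_reject());
    for (size_t i = 0; i < 5; i++)
        printf("clamp[%zu] = %d\n", i, demo_clamp_at(i));
    return 0;
}
```

On this input an unclamped decode would give 66, 64, 52 for the last three entries; clamping yields 64, 62, 50, so the output stays in range but the remainder of the envelope differs from what the bitstream encoded.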

