[FFmpeg-devel] [PATCH]libavcodec/dca: Make decoding xll the default
Michael Niedermayer
michael at niedermayer.cc
Sun Jan 3 20:22:54 CET 2016
On Sun, Jan 03, 2016 at 03:58:04PM +0100, Carl Eugen Hoyos wrote:
> Hi!
>
> Is there still something important missing?
the code below or a change to bits_long
also there are segfaults
try with a fuzzer
diff --git a/libavcodec/dca_xll.c b/libavcodec/dca_xll.c
index 98fd4c8..60efa16 100644
--- a/libavcodec/dca_xll.c
+++ b/libavcodec/dca_xll.c
@@ -487,6 +487,11 @@ int ff_dca_xll_decode_audio(DCAContext *s, AVFrame *frame)
params->pancAuxABIT[i] = get_bits(gb, bits4ABIT) + 1;
else
params->pancAuxABIT[i] = 0;
+
+ if (params->pancAuxABIT[i] > 25) {
+ av_log(s->avctx, AV_LOG_WARNING, "XLL: pancAuxABIT too large\n");
+ params->pancAuxABIT[i] = 0;
+ }
}
for (i = 0; i < num_param_sets; i++) {
@@ -510,6 +515,10 @@ int ff_dca_xll_decode_audio(DCAContext *s, AVFrame *frame)
if (params->rice_code_flag[i] == 0 && params->pancABIT[i] > 0)
/* For linear code */
params->pancABIT[i]++;
+ if (params->pancABIT[i] > 25 || params->pancABIT0[i] > 25) {
+ av_log(AV_LOG_WARNING, "XLL: pancABIT too large\n");
+ goto next_chset;
+ }
}
}
for (i = 0; i < chset->channels; i++) {
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
Many that live deserve death. And some that die deserve life. Can you give
it to them? Then do not be too eager to deal out death in judgement. For
even the very wise cannot see all ends. -- Gandalf
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20160103/6110a38a/attachment.sig>
More information about the ffmpeg-devel
mailing list