[FFmpeg-cvslog] avcodec/flacdec: check rice_order against blocksize
Michael Niedermayer
git at videolan.org
Tue Jan 7 14:15:29 CET 2014
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jan 7 13:57:47 2014 +0100| [8ca9a68f1905ff871690be38348d62a25aef2a8f] | committer: Michael Niedermayer
avcodec/flacdec: check rice_order against blocksize
Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f6e13c220d0_8489_short.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8ca9a68f1905ff871690be38348d62a25aef2a8f
---
libavcodec/flacdec.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c
index 596b24d..f63a918 100644
--- a/libavcodec/flacdec.c
+++ b/libavcodec/flacdec.c
@@ -221,6 +221,12 @@ static int decode_residuals(FLACContext *s, int32_t *decoded, int pred_order)
rice_order = get_bits(&s->gb, 4);
samples= s->blocksize >> rice_order;
+ if (samples << rice_order != s->blocksize) {
+ av_log(s->avctx, AV_LOG_ERROR, "invalid rice order: %i blocksize %i\n",
+ rice_order, s->blocksize);
+ return AVERROR_INVALIDDATA;
+ }
+
if (pred_order > samples) {
av_log(s->avctx, AV_LOG_ERROR, "invalid predictor order: %i > %i\n",
pred_order, samples);
More information about the ffmpeg-cvslog
mailing list