[FFmpeg-cvslog] alsdec: validate time diff index
Andreas Cadhalpun
git at videolan.org
Sun Apr 19 01:27:01 CEST 2015
ffmpeg | branch: master | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Sat Apr 18 20:09:28 2015 +0200| [faf9fe2c224ea81a98afd53e2f0be0a2e13aeca9] | committer: Michael Niedermayer
alsdec: validate time diff index
If begin is smaller than t, the subtraction 'begin -= t' wraps around,
because begin is unsigned. The same applies for end < t.
This causes segmentation faults.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=faf9fe2c224ea81a98afd53e2f0be0a2e13aeca9
---
libavcodec/alsdec.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 787792f..7c652af 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1290,8 +1290,16 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
if (ch[dep].time_diff_sign) {
t = -t;
+ if (t > 0 && begin < t) {
+ av_log(ctx->avctx, AV_LOG_ERROR, "begin %u smaller than time diff index %d.\n", begin, t);
+ return AVERROR_INVALIDDATA;
+ }
begin -= t;
} else {
+ if (t > 0 && end < t) {
+ av_log(ctx->avctx, AV_LOG_ERROR, "end %u smaller than time diff index %d.\n", end, t);
+ return AVERROR_INVALIDDATA;
+ }
end -= t;
}
More information about the ffmpeg-cvslog
mailing list