[FFmpeg-devel] [PATCH] wavpack: limit extra_bits to 32 and use get_bits_long
Paul B Mahol
onemda at gmail.com
Thu Jul 2 23:20:25 CEST 2015
On 7/2/15, Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> wrote:
> More than 32 bits can't be stored in an integer and get_bits should not
> be used with more than 25 bits.
>
> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
> ---
> libavcodec/wavpack.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
> index d91b66c..554367b 100644
> --- a/libavcodec/wavpack.c
> +++ b/libavcodec/wavpack.c
> @@ -271,7 +271,7 @@ static inline int
> wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc,
>
> if (s->got_extra_bits &&
> get_bits_left(&s->gb_extra_bits) >= s->extra_bits) {
> - S |= get_bits(&s->gb_extra_bits, s->extra_bits);
> + S |= get_bits_long(&s->gb_extra_bits, s->extra_bits);
> *crc = *crc * 9 + (S & 0xffff) * 3 + ((unsigned)S >> 16);
> }
> }
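Review bot: The switch to get_bits_long() in wv_get_value_integer() is only safe while s->extra_bits stays at or below 32, and nothing in this hunk enforces that. The get_bits_left() guard checks that enough input remains, not that the count is within what get_bits_long() accepts, so the call depends entirely on the range check added to the INT32INFO parsing in wavpack_decode_block(). A short comment at this call site, or an assertion on s->extra_bits, would keep the two places from drifting apart if another path ever sets the field.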
> @@ -835,7 +835,11 @@ static int wavpack_decode_block(AVCodecContext *avctx,
> int block_no,
> continue;
> }
> bytestream2_get_buffer(&gb, val, 4);
> - if (val[0]) {
> + if (val[0] > 32) {
> + av_log(avctx, AV_LOG_ERROR,
> + "Invalid INT32INFO, extra_bits = %d (> 32)\n",
> val[0]);
> + continue;
> + } else if (val[0]) {
> s->extra_bits = val[0];
> } else if (val[1]) {
> s->shift = val[1];
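Review bot: In the new val[0] > 32 branch, the error is logged at AV_LOG_ERROR but the `continue` lets decoding of the block go on with s->extra_bits left at whatever value it already had. If an out-of-range INT32INFO means the block is corrupt, returning an error such as AVERROR_INVALIDDATA would be more consistent with the log level; if skipping the chunk is intended, say so in a comment. It is also worth confirming that 32 itself should be accepted: with extra_bits == 32 the `S |= get_bits_long(...)` in the first hunk overwrites every bit of S, sign bit included.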
> --
> 2.1.4
>
lgtm