[FFmpeg-devel] [PATCH 1/2] wmavoice: truncate spillover_nbits if too large
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Mon Jan 2 00:18:49 EET 2017
This fixes triggering the av_assert0(ret <= tmp.size).
The problem was reintroduced by commit
7b27dd5c16de785297ce4de4b88afa0b6685f61d and originally fixed by
2a4700a4f03280fa8ba4fc0f8a9987bb550f0d1e.
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
---
libavcodec/wmavoice.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
index cd5958c7bc..1bfad46b2e 100644
--- a/libavcodec/wmavoice.c
+++ b/libavcodec/wmavoice.c
@@ -1923,6 +1923,11 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data,
* continuing to parse new superframes in the current packet. */
if (s->sframe_cache_size > 0) {
int cnt = get_bits_count(gb);
+ if (cnt + s->spillover_nbits > avpkt->size * 8) {
+ av_log(ctx, AV_LOG_WARNING, "Number of spillover bits %d larger than remaining packet size %d, truncating.\n",
+ s->spillover_nbits, avpkt->size * 8 - cnt);
+ s->spillover_nbits = avpkt->size * 8 - cnt;
+ }
copy_bits(&s->pb, avpkt->data, size, gb, s->spillover_nbits);
flush_put_bits(&s->pb);
s->sframe_cache_size += s->spillover_nbits;
--
2.11.0
More information about the ffmpeg-devel
mailing list