Mercurial > libavcodec.hg
annotate aac_parser.c @ 5817:ced30500e2b1 libavcodec
prevent infinite loop and memcpy of negative amounts
fixes issue194
author | michael |
---|---|
date | Sat, 13 Oct 2007 12:25:31 +0000 |
parents | b42e963c8149 |
children | 48759bfbd073 |
rev | line source |
---|---|
4941 | 1 /* |
2 * Audio and Video frame extraction | |
3 * Copyright (c) 2003 Fabrice Bellard. | |
4 * Copyright (c) 2003 Michael Niedermayer. | |
5 * | |
6 * This file is part of FFmpeg. | |
7 * | |
8 * FFmpeg is free software; you can redistribute it and/or | |
9 * modify it under the terms of the GNU Lesser General Public | |
10 * License as published by the Free Software Foundation; either | |
11 * version 2.1 of the License, or (at your option) any later version. | |
12 * | |
13 * FFmpeg is distributed in the hope that it will be useful, | |
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 * Lesser General Public License for more details. | |
17 * | |
18 * You should have received a copy of the GNU Lesser General Public | |
19 * License along with FFmpeg; if not, write to the Free Software | |
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
21 */ | |
22 | |
23 #include "parser.h" | |
24 #include "aac_ac3_parser.h" | |
25 #include "bitstream.h" | |
26 | |
27 | |
28 #define AAC_HEADER_SIZE 7 | |
29 | |
30 | |
31 static const int aac_sample_rates[16] = { | |
32 96000, 88200, 64000, 48000, 44100, 32000, | |
33 24000, 22050, 16000, 12000, 11025, 8000, 7350 | |
34 }; | |
35 | |
36 static const int aac_channels[8] = { | |
37 0, 1, 2, 3, 4, 5, 6, 8 | |
38 }; | |
39 | |
40 | |
41 static int aac_sync(const uint8_t *buf, int *channels, int *sample_rate, | |
42 int *bit_rate, int *samples) | |
43 { | |
44 GetBitContext bits; | |
45 int size, rdb, ch, sr; | |
46 | |
47 init_get_bits(&bits, buf, AAC_HEADER_SIZE * 8); | |
48 | |
49 if(get_bits(&bits, 12) != 0xfff) | |
50 return 0; | |
51 | |
52 skip_bits1(&bits); /* id */ | |
53 skip_bits(&bits, 2); /* layer */ | |
54 skip_bits1(&bits); /* protection_absent */ | |
55 skip_bits(&bits, 2); /* profile_objecttype */ | |
56 sr = get_bits(&bits, 4); /* sample_frequency_index */ | |
57 if(!aac_sample_rates[sr]) | |
58 return 0; | |
59 skip_bits1(&bits); /* private_bit */ | |
60 ch = get_bits(&bits, 3); /* channel_configuration */ | |
61 if(!aac_channels[ch]) | |
62 return 0; | |
63 skip_bits1(&bits); /* original/copy */ | |
64 skip_bits1(&bits); /* home */ | |
65 | |
66 /* adts_variable_header */ | |
67 skip_bits1(&bits); /* copyright_identification_bit */ | |
68 skip_bits1(&bits); /* copyright_identification_start */ | |
69 size = get_bits(&bits, 13); /* aac_frame_length */ | |
5817
ced30500e2b1
prevent infinite loop and memcpy of negative amounts
michael
parents:
4942
diff
changeset
|
70 if(size < AAC_HEADER_SIZE) |
ced30500e2b1
prevent infinite loop and memcpy of negative amounts
michael
parents:
4942
diff
changeset
|
71 return 0; |
ced30500e2b1
prevent infinite loop and memcpy of negative amounts
michael
parents:
4942
diff
changeset
|
72 |
4941 | 73 skip_bits(&bits, 11); /* adts_buffer_fullness */ |
74 rdb = get_bits(&bits, 2); /* number_of_raw_data_blocks_in_frame */ | |
75 | |
76 *channels = aac_channels[ch]; | |
77 *sample_rate = aac_sample_rates[sr]; | |
78 *samples = (rdb + 1) * 1024; | |
79 *bit_rate = size * 8 * *sample_rate / *samples; | |
80 | |
81 return size; | |
82 } | |
83 | |
84 static int aac_parse_init(AVCodecParserContext *s1) | |
85 { | |
4942
b42e963c8149
cosmetics: rename for consistency after previous aac and ac3 parsers move
aurel
parents:
4941
diff
changeset
|
86 AACAC3ParseContext *s = s1->priv_data; |
4941 | 87 s->inbuf_ptr = s->inbuf; |
88 s->header_size = AAC_HEADER_SIZE; | |
89 s->sync = aac_sync; | |
90 return 0; | |
91 } | |
92 | |
93 | |
94 AVCodecParser aac_parser = { | |
95 { CODEC_ID_AAC }, | |
4942
b42e963c8149
cosmetics: rename for consistency after previous aac and ac3 parsers move
aurel
parents:
4941
diff
changeset
|
96 sizeof(AACAC3ParseContext), |
4941 | 97 aac_parse_init, |
4942
b42e963c8149
cosmetics: rename for consistency after previous aac and ac3 parsers move
aurel
parents:
4941
diff
changeset
|
98 ff_aac_ac3_parse, |
4941 | 99 NULL, |
100 }; |