Mercurial > libavcodec.hg
comparison alac.c @ 3303:68721b62a528 libavcodec
sanity checks, some might have been exploitable ...
author | michael |
---|---|
date | Sat, 13 May 2006 10:45:26 +0000 |
parents | 32e634e0d5cc |
children | 82277c821113 |
comparison
equal
deleted
inserted
replaced
3302:cb356bfc7e22 | 3303:68721b62a528 |
---|---|
98 | 98 |
99 alac->outputsamples_buffer_a = av_malloc(alac->setinfo_max_samples_per_frame * 4); | 99 alac->outputsamples_buffer_a = av_malloc(alac->setinfo_max_samples_per_frame * 4); |
100 alac->outputsamples_buffer_b = av_malloc(alac->setinfo_max_samples_per_frame * 4); | 100 alac->outputsamples_buffer_b = av_malloc(alac->setinfo_max_samples_per_frame * 4); |
101 } | 101 } |
102 | 102 |
103 static void alac_set_info(ALACContext *alac) | 103 static int alac_set_info(ALACContext *alac) |
104 { | 104 { |
105 unsigned char *ptr = alac->avctx->extradata; | 105 unsigned char *ptr = alac->avctx->extradata; |
106 | 106 |
107 ptr += 4; /* size */ | 107 ptr += 4; /* size */ |
108 ptr += 4; /* alac */ | 108 ptr += 4; /* alac */ |
109 ptr += 4; /* 0 ? */ | 109 ptr += 4; /* 0 ? */ |
110 | 110 |
111 if(BE_32(ptr) >= UINT_MAX/4){ | |
112 av_log(alac->avctx, AV_LOG_ERROR, "setinfo_max_samples_per_frame too large\n"); | |
113 return -1; | |
114 } | |
111 alac->setinfo_max_samples_per_frame = BE_32(ptr); /* buffer size / 2 ? */ | 115 alac->setinfo_max_samples_per_frame = BE_32(ptr); /* buffer size / 2 ? */ |
112 ptr += 4; | 116 ptr += 4; |
113 alac->setinfo_7a = *ptr++; | 117 alac->setinfo_7a = *ptr++; |
114 alac->setinfo_sample_size = *ptr++; | 118 alac->setinfo_sample_size = *ptr++; |
115 alac->setinfo_rice_historymult = *ptr++; | 119 alac->setinfo_rice_historymult = *ptr++; |
124 ptr += 4; | 128 ptr += 4; |
125 alac->setinfo_8a_rate = BE_32(ptr); // samplerate | 129 alac->setinfo_8a_rate = BE_32(ptr); // samplerate |
126 ptr += 4; | 130 ptr += 4; |
127 | 131 |
128 allocate_buffers(alac); | 132 allocate_buffers(alac); |
133 | |
134 return 0; | |
129 } | 135 } |
130 | 136 |
131 /* hideously inefficient. could use a bitmask search, | 137 /* hideously inefficient. could use a bitmask search, |
132 * alternatively bsr on x86, | 138 * alternatively bsr on x86, |
133 */ | 139 */ |