Mercurial > libavcodec.hg
comparison aacsbr.c @ 11428:6b0d65c8c13d libavcodec
aacsbr: Propagate errors from read_sbr_grid to prevent crashes in malformatted streams.
| author | alexc |
|---|---|
| date | Tue, 09 Mar 2010 06:13:48 +0000 |
| parents | 32504af93342 |
| children | 4eee52db3c4c |
comparison
equal
deleted
inserted
replaced
| 11427:32504af93342 | 11428:6b0d65c8c13d |
|---|---|
| 855 *num_bits_left = 0; | 855 *num_bits_left = 0; |
| 856 break; | 856 break; |
| 857 } | 857 } |
| 858 } | 858 } |
| 859 | 859 |
| 860 static void read_sbr_single_channel_element(AACContext *ac, | 860 static int read_sbr_single_channel_element(AACContext *ac, |
| 861 SpectralBandReplication *sbr, | 861 SpectralBandReplication *sbr, |
| 862 GetBitContext *gb) | 862 GetBitContext *gb) |
| 863 { | 863 { |
| 864 if (get_bits1(gb)) // bs_data_extra | 864 if (get_bits1(gb)) // bs_data_extra |
| 865 skip_bits(gb, 4); // bs_reserved | 865 skip_bits(gb, 4); // bs_reserved |
| 866 | 866 |
| 867 read_sbr_grid(ac, sbr, gb, &sbr->data[0]); | 867 if (read_sbr_grid(ac, sbr, gb, &sbr->data[0])) |
| 868 return -1; | |
| 868 read_sbr_dtdf(sbr, gb, &sbr->data[0]); | 869 read_sbr_dtdf(sbr, gb, &sbr->data[0]); |
| 869 read_sbr_invf(sbr, gb, &sbr->data[0]); | 870 read_sbr_invf(sbr, gb, &sbr->data[0]); |
| 870 read_sbr_envelope(sbr, gb, &sbr->data[0], 0); | 871 read_sbr_envelope(sbr, gb, &sbr->data[0], 0); |
| 871 read_sbr_noise(sbr, gb, &sbr->data[0], 0); | 872 read_sbr_noise(sbr, gb, &sbr->data[0], 0); |
| 872 | 873 |
| 873 if ((sbr->data[0].bs_add_harmonic_flag = get_bits1(gb))) | 874 if ((sbr->data[0].bs_add_harmonic_flag = get_bits1(gb))) |
| 874 get_bits1_vector(gb, sbr->data[0].bs_add_harmonic, sbr->n[1]); | 875 get_bits1_vector(gb, sbr->data[0].bs_add_harmonic, sbr->n[1]); |
| 875 } | 876 } |
| 876 | 877 |
| 877 static void read_sbr_channel_pair_element(AACContext *ac, | 878 static int read_sbr_channel_pair_element(AACContext *ac, |
| 878 SpectralBandReplication *sbr, | 879 SpectralBandReplication *sbr, |
| 879 GetBitContext *gb) | 880 GetBitContext *gb) |
| 880 { | 881 { |
| 881 if (get_bits1(gb)) // bs_data_extra | 882 if (get_bits1(gb)) // bs_data_extra |
| 882 skip_bits(gb, 8); // bs_reserved | 883 skip_bits(gb, 8); // bs_reserved |
| 883 | 884 |
| 884 if ((sbr->bs_coupling = get_bits1(gb))) { | 885 if ((sbr->bs_coupling = get_bits1(gb))) { |
| 885 read_sbr_grid(ac, sbr, gb, &sbr->data[0]); | 886 if (read_sbr_grid(ac, sbr, gb, &sbr->data[0])) |
| 887 return -1; | |
| 886 copy_sbr_grid(&sbr->data[1], &sbr->data[0]); | 888 copy_sbr_grid(&sbr->data[1], &sbr->data[0]); |
| 887 read_sbr_dtdf(sbr, gb, &sbr->data[0]); | 889 read_sbr_dtdf(sbr, gb, &sbr->data[0]); |
| 888 read_sbr_dtdf(sbr, gb, &sbr->data[1]); | 890 read_sbr_dtdf(sbr, gb, &sbr->data[1]); |
| 889 read_sbr_invf(sbr, gb, &sbr->data[0]); | 891 read_sbr_invf(sbr, gb, &sbr->data[0]); |
| 890 memcpy(sbr->data[1].bs_invf_mode[1], sbr->data[1].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0])); | 892 memcpy(sbr->data[1].bs_invf_mode[1], sbr->data[1].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0])); |
| 892 read_sbr_envelope(sbr, gb, &sbr->data[0], 0); | 894 read_sbr_envelope(sbr, gb, &sbr->data[0], 0); |
| 893 read_sbr_noise(sbr, gb, &sbr->data[0], 0); | 895 read_sbr_noise(sbr, gb, &sbr->data[0], 0); |
| 894 read_sbr_envelope(sbr, gb, &sbr->data[1], 1); | 896 read_sbr_envelope(sbr, gb, &sbr->data[1], 1); |
| 895 read_sbr_noise(sbr, gb, &sbr->data[1], 1); | 897 read_sbr_noise(sbr, gb, &sbr->data[1], 1); |
| 896 } else { | 898 } else { |
| 897 read_sbr_grid(ac, sbr, gb, &sbr->data[0]); | 899 if (read_sbr_grid(ac, sbr, gb, &sbr->data[0]) || |
| 898 read_sbr_grid(ac, sbr, gb, &sbr->data[1]); | 900 read_sbr_grid(ac, sbr, gb, &sbr->data[1])) |
| 901 return -1; | |
| 899 read_sbr_dtdf(sbr, gb, &sbr->data[0]); | 902 read_sbr_dtdf(sbr, gb, &sbr->data[0]); |
| 900 read_sbr_dtdf(sbr, gb, &sbr->data[1]); | 903 read_sbr_dtdf(sbr, gb, &sbr->data[1]); |
| 901 read_sbr_invf(sbr, gb, &sbr->data[0]); | 904 read_sbr_invf(sbr, gb, &sbr->data[0]); |
| 902 read_sbr_invf(sbr, gb, &sbr->data[1]); | 905 read_sbr_invf(sbr, gb, &sbr->data[1]); |
| 903 read_sbr_envelope(sbr, gb, &sbr->data[0], 0); | 906 read_sbr_envelope(sbr, gb, &sbr->data[0], 0); |
| 916 GetBitContext *gb, int id_aac) | 919 GetBitContext *gb, int id_aac) |
| 917 { | 920 { |
| 918 unsigned int cnt = get_bits_count(gb); | 921 unsigned int cnt = get_bits_count(gb); |
| 919 | 922 |
| 920 if (id_aac == TYPE_SCE || id_aac == TYPE_CCE) { | 923 if (id_aac == TYPE_SCE || id_aac == TYPE_CCE) { |
| 921 read_sbr_single_channel_element(ac, sbr, gb); | 924 if (read_sbr_single_channel_element(ac, sbr, gb)) { |
| 925 sbr->start = 0; | |
| 926 return get_bits_count(gb) - cnt; | |
| 927 } | |
| 922 } else if (id_aac == TYPE_CPE) { | 928 } else if (id_aac == TYPE_CPE) { |
| 923 read_sbr_channel_pair_element(ac, sbr, gb); | 929 if (read_sbr_channel_pair_element(ac, sbr, gb)) { |
| 930 sbr->start = 0; | |
| 931 return get_bits_count(gb) - cnt; | |
| 932 } | |
| 924 } else { | 933 } else { |
| 925 av_log(ac->avccontext, AV_LOG_ERROR, | 934 av_log(ac->avccontext, AV_LOG_ERROR, |
| 926 "Invalid bitstream - cannot apply SBR to element type %d\n", id_aac); | 935 "Invalid bitstream - cannot apply SBR to element type %d\n", id_aac); |
| 927 sbr->start = 0; | 936 sbr->start = 0; |
| 928 return get_bits_count(gb) - cnt; | 937 return get_bits_count(gb) - cnt; |