Mercurial > libavcodec.hg
comparison ac3dec.c @ 6536:8f2186d5daca libavcodec
additional protection from segmentation faults and memory access errors by
copying the input buffer to a local context buffer which is large enough to
hold the largest possible AC3 frame.
| author | jbr |
|---|---|
| date | Tue, 25 Mar 2008 23:34:00 +0000 |
| parents | 5542d0c04a55 |
| children | ea2f7235c3e1 |
comparison
equal
deleted
inserted
replaced
| 6535:34717463c154 | 6536:8f2186d5daca |
|---|---|
| 37 #include "bitstream.h" | 37 #include "bitstream.h" |
| 38 #include "crc.h" | 38 #include "crc.h" |
| 39 #include "dsputil.h" | 39 #include "dsputil.h" |
| 40 #include "random.h" | 40 #include "random.h" |
| 41 | 41 |
| 42 /** Maximum possible frame size when the specification limit is ignored */ | |
| 43 #define AC3_MAX_FRAME_SIZE 21695 | |
| 44 | |
| 42 /** | 45 /** |
| 43 * Table of bin locations for rematrixing bands | 46 * Table of bin locations for rematrixing bands |
| 44 * reference: Section 7.5.2 Rematrixing : Frequency Band Definitions | 47 * reference: Section 7.5.2 Rematrixing : Frequency Band Definitions |
| 45 */ | 48 */ |
| 46 static const uint8_t rematrix_band_tab[5] = { 13, 25, 37, 61, 253 }; | 49 static const uint8_t rematrix_band_tab[5] = { 13, 25, 37, 61, 253 }; |
| 189 | 192 |
| 190 /* Miscellaneous. */ | 193 /* Miscellaneous. */ |
| 191 GetBitContext gbc; ///< bitstream reader | 194 GetBitContext gbc; ///< bitstream reader |
| 192 AVRandomState dith_state; ///< for dither generation | 195 AVRandomState dith_state; ///< for dither generation |
| 193 AVCodecContext *avctx; ///< parent context | 196 AVCodecContext *avctx; ///< parent context |
| 197 uint8_t input_buffer[AC3_MAX_FRAME_SIZE]; ///< temp buffer to prevent overread | |
| 194 } AC3DecodeContext; | 198 } AC3DecodeContext; |
| 195 | 199 |
| 196 /** | 200 /** |
| 197 * Symmetrical Dequantization | 201 * Symmetrical Dequantization |
| 198 * reference: Section 7.3.3 Expansion of Mantissas for Symmetrical Quantization | 202 * reference: Section 7.3.3 Expansion of Mantissas for Symmetrical Quantization |
| 1131 AC3DecodeContext *s = avctx->priv_data; | 1135 AC3DecodeContext *s = avctx->priv_data; |
| 1132 int16_t *out_samples = (int16_t *)data; | 1136 int16_t *out_samples = (int16_t *)data; |
| 1133 int i, blk, ch, err; | 1137 int i, blk, ch, err; |
| 1134 | 1138 |
| 1135 /* initialize the GetBitContext with the start of valid AC-3 Frame */ | 1139 /* initialize the GetBitContext with the start of valid AC-3 Frame */ |
| 1140 if(avctx->error_resilience >= FF_ER_CAREFUL) { | |
| 1141 /* copy input buffer to decoder context to avoid reading past the end | |
| 1142 of the buffer, which can be caused by a damaged input stream. */ | |
| 1143 memcpy(s->input_buffer, buf, FFMIN(buf_size, AC3_MAX_FRAME_SIZE)); | |
| 1144 init_get_bits(&s->gbc, s->input_buffer, buf_size * 8); | |
| 1145 } else { | |
| 1136 init_get_bits(&s->gbc, buf, buf_size * 8); | 1146 init_get_bits(&s->gbc, buf, buf_size * 8); |
| 1147 } | |
| 1137 | 1148 |
| 1138 /* parse the syncinfo */ | 1149 /* parse the syncinfo */ |
| 1139 err = ac3_parse_header(s); | 1150 err = ac3_parse_header(s); |
| 1140 if(err) { | 1151 if(err) { |
| 1141 switch(err) { | 1152 switch(err) { |