Mercurial > libavcodec.hg
comparison adpcm.c @ 8734:bb969c77ad18 libavcodec
check validity of pointer srcC
| author | stefang |
|---|---|
| date | Tue, 03 Feb 2009 17:56:24 +0000 |
| parents | e9d9d946f213 |
| children | 043574c5c153 |
comparison
equal
deleted
inserted
replaced
| 8733:91007f70b81a | 8734:bb969c77ad18 |
|---|---|
| 1283 int32_t coeff1, coeff2; | 1283 int32_t coeff1, coeff2; |
| 1284 uint8_t shift; | 1284 uint8_t shift; |
| 1285 unsigned int channel; | 1285 unsigned int channel; |
| 1286 uint16_t *samplesC; | 1286 uint16_t *samplesC; |
| 1287 const uint8_t *srcC; | 1287 const uint8_t *srcC; |
| 1288 const uint8_t *src_end = buf + buf_size; | |
| 1288 | 1289 |
| 1289 samples_in_chunk = (big_endian ? bytestream_get_be32(&src) | 1290 samples_in_chunk = (big_endian ? bytestream_get_be32(&src) |
| 1290 : bytestream_get_le32(&src)) / 28; | 1291 : bytestream_get_le32(&src)) / 28; |
| 1291 if (samples_in_chunk > UINT32_MAX/(28*avctx->channels) || | 1292 if (samples_in_chunk > UINT32_MAX/(28*avctx->channels) || |
| 1292 28*samples_in_chunk*avctx->channels > samples_end-samples) { | 1293 28*samples_in_chunk*avctx->channels > samples_end-samples) { |
| 1293 src += buf_size - 4; | 1294 src += buf_size - 4; |
| 1294 break; | 1295 break; |
| 1295 } | 1296 } |
| 1296 | 1297 |
| 1297 for (channel=0; channel<avctx->channels; channel++) { | 1298 for (channel=0; channel<avctx->channels; channel++) { |
| 1298 srcC = src + (avctx->channels-channel) * 4; | 1299 int32_t offset = (big_endian ? bytestream_get_be32(&src) |
| 1299 srcC += (big_endian ? bytestream_get_be32(&src) | 1300 : bytestream_get_le32(&src)) |
| 1300 : bytestream_get_le32(&src)); | 1301 + (avctx->channels-channel-1) * 4; |
| 1302 | |
| 1303 if ((offset < 0) || (offset >= src_end - src - 4)) break; | |
| 1304 srcC = src + offset; | |
| 1301 samplesC = samples + channel; | 1305 samplesC = samples + channel; |
| 1302 | 1306 |
| 1303 if (avctx->codec->id == CODEC_ID_ADPCM_EA_R1) { | 1307 if (avctx->codec->id == CODEC_ID_ADPCM_EA_R1) { |
| 1304 current_sample = (int16_t)bytestream_get_le16(&srcC); | 1308 current_sample = (int16_t)bytestream_get_le16(&srcC); |
| 1305 previous_sample = (int16_t)bytestream_get_le16(&srcC); | 1309 previous_sample = (int16_t)bytestream_get_le16(&srcC); |
| 1309 } | 1313 } |
| 1310 | 1314 |
| 1311 for (count1=0; count1<samples_in_chunk; count1++) { | 1315 for (count1=0; count1<samples_in_chunk; count1++) { |
| 1312 if (*srcC == 0xEE) { /* only seen in R2 and R3 */ | 1316 if (*srcC == 0xEE) { /* only seen in R2 and R3 */ |
| 1313 srcC++; | 1317 srcC++; |
| 1318 if (srcC > src_end - 30*2) break; | |
| 1314 current_sample = (int16_t)bytestream_get_be16(&srcC); | 1319 current_sample = (int16_t)bytestream_get_be16(&srcC); |
| 1315 previous_sample = (int16_t)bytestream_get_be16(&srcC); | 1320 previous_sample = (int16_t)bytestream_get_be16(&srcC); |
| 1316 | 1321 |
| 1317 for (count2=0; count2<28; count2++) { | 1322 for (count2=0; count2<28; count2++) { |
| 1318 *samplesC = (int16_t)bytestream_get_be16(&srcC); | 1323 *samplesC = (int16_t)bytestream_get_be16(&srcC); |
| 1321 } else { | 1326 } else { |
| 1322 coeff1 = ea_adpcm_table[ *srcC>>4 ]; | 1327 coeff1 = ea_adpcm_table[ *srcC>>4 ]; |
| 1323 coeff2 = ea_adpcm_table[(*srcC>>4) + 4]; | 1328 coeff2 = ea_adpcm_table[(*srcC>>4) + 4]; |
| 1324 shift = (*srcC++ & 0x0F) + 8; | 1329 shift = (*srcC++ & 0x0F) + 8; |
| 1325 | 1330 |
| 1331 if (srcC > src_end - 14) break; | |
| 1326 for (count2=0; count2<28; count2++) { | 1332 for (count2=0; count2<28; count2++) { |
| 1327 if (count2 & 1) | 1333 if (count2 & 1) |
| 1328 next_sample = (int32_t)((*srcC++ & 0x0F) << 28) >> shift; | 1334 next_sample = (int32_t)((*srcC++ & 0x0F) << 28) >> shift; |
| 1329 else | 1335 else |
| 1330 next_sample = (int32_t)((*srcC & 0xF0) << 24) >> shift; | 1336 next_sample = (int32_t)((*srcC & 0xF0) << 24) >> shift; |