Mercurial > libavcodec.hg

comparison aacsbr.c @ 11433:d8c2170062ce libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
aacsbr: Check for illegal values of bs_pointer in sbr_read_grid().
author alexc
date Tue, 09 Mar 2010 09:27:11 +0000
parents 4eee52db3c4c
children c969ceeffb36
comparison
equal deleted inserted replaced
11432:1a7d902e33ac 11433:d8c2170062ce
626 case FIXFIX: 626 case FIXFIX:
627 ch_data->bs_num_env[1] = 1 << get_bits(gb, 2); 627 ch_data->bs_num_env[1] = 1 << get_bits(gb, 2);
628 if (ch_data->bs_num_env[1] == 1) 628 if (ch_data->bs_num_env[1] == 1)
629 ch_data->bs_amp_res = 0; 629 ch_data->bs_amp_res = 0;
630 630
631 ch_data->bs_pointer = 0;
632
631 ch_data->bs_freq_res[1] = get_bits1(gb); 633 ch_data->bs_freq_res[1] = get_bits1(gb);
632 for (i = 1; i < ch_data->bs_num_env[1]; i++) 634 for (i = 1; i < ch_data->bs_num_env[1]; i++)
633 ch_data->bs_freq_res[i + 1] = ch_data->bs_freq_res[1]; 635 ch_data->bs_freq_res[i + 1] = ch_data->bs_freq_res[1];
634 break; 636 break;
635 case FIXVAR: 637 case FIXVAR:
673 675
674 get_bits1_vector(gb, ch_data->bs_freq_res + 1, ch_data->bs_num_env[1]); 676 get_bits1_vector(gb, ch_data->bs_freq_res + 1, ch_data->bs_num_env[1]);
675 break; 677 break;
676 } 678 }
677 679
680 if (ch_data->bs_pointer > ch_data->bs_num_env[1] + 1) {
681 av_log(ac->avccontext, AV_LOG_ERROR,
682 "Invalid bitstream, bs_pointer points to a middle noise border outside the time borders table: %d\n",
683 ch_data->bs_pointer);
684 return -1;
685 }
678 if (ch_data->bs_frame_class == FIXFIX && ch_data->bs_num_env[1] > 4) { 686 if (ch_data->bs_frame_class == FIXFIX && ch_data->bs_num_env[1] > 4) {
679 av_log(ac->avccontext, AV_LOG_ERROR, 687 av_log(ac->avccontext, AV_LOG_ERROR,
680 "Invalid bitstream, too many SBR envelopes in FIXFIX type SBR frame: %d\n", 688 "Invalid bitstream, too many SBR envelopes in FIXFIX type SBR frame: %d\n",
681 ch_data->bs_num_env[1]); 689 ch_data->bs_num_env[1]);
682 return -1; 690 return -1;