# HG changeset patch
# User ramiro
# Date 1238964413 0
# Node ID 586dca8c04e7f014734207d5d62ca39c90bbb7ea
# Parent b799c2a836242cebf096b3f3f9178d7a07dc29be
mlpdec: Validate non-restart bit from the substream header.
diff -r b799c2a83624 -r 586dca8c04e7 mlpdec.c
--- a/mlpdec.c Sun Apr 05 20:11:40 2009 +0000
+++ b/mlpdec.c Sun Apr 05 20:46:53 2009 +0000
@@ -117,6 +117,9 @@
 typedef struct MLPDecodeContext {
 AVCodecContext *avctx;
+ //! Current access unit being read has a major sync.
+ int is_major_sync_unit;
+
 //! Set if a valid major sync block has been read. Otherwise no decoding is possible.
 uint8_t params_valid;
@@ -917,9 +920,11 @@
 init_get_bits(&gb, (buf + 4), (length - 4) * 8);
+ m->is_major_sync_unit = 0;
 if (show_bits_long(&gb, 31) == (0xf8726fba >> 1)) {
 if (read_major_sync(m, &gb) < 0)
 goto error;
+ m->is_major_sync_unit = 1;
 header_size += 28;
 }
@@ -933,10 +938,10 @@
 substream_start = 0;
 for (substr = 0; substr < m->num_substreams; substr++) {
- int extraword_present, checkdata_present, end;
+ int extraword_present, checkdata_present, end, nonrestart_substr;
 extraword_present = get_bits1(&gb);
- skip_bits1(&gb);
+ nonrestart_substr = get_bits1(&gb);
 checkdata_present = get_bits1(&gb);
 skip_bits1(&gb);
@@ -949,6 +954,11 @@
 substr_header_size += 2;
 }
+ if (!(nonrestart_substr ^ m->is_major_sync_unit)) {
+ av_log(m->avctx, AV_LOG_ERROR, "Invalid nonrestart_substr.\n");
+ goto error;
+ }
+
 if (end + header_size + substr_header_size > length) {
 av_log(m->avctx, AV_LOG_ERROR,
 "Indicated length of substream %d data goes off end of "
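Review bot: `m->is_major_sync_unit` is cleared and set around the major sync test here and, in the hunks shown, read only by the substream-header check further down, presumably in the same function. That makes it per-packet state, which a local `int is_major_sync_unit = 0;` would hold without leaving a value from the previous packet in MLPDecodeContext. Keeping it as a field is only needed if other functions read it, which this diff does not show; in that case the field comment should say the value is meaningful only while an access unit is being parsed. The enclosing function starts and ends outside the hunk.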
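Review bot: The new validation `if (!(nonrestart_substr ^ m->is_major_sync_unit))` is harder to read than it needs to be for a check on untrusted header bits, and its error message does not say which substream failed. Both operands are 0 or 1 in the lines shown, so `if (nonrestart_substr == m->is_major_sync_unit)` states the same rule directly. The log could carry the index the way the length check just below does: `av_log(m->avctx, AV_LOG_ERROR, "Invalid nonrestart_substr in substream %d.\n", substr);`. A short comment such as `/* nonrestart bit must be clear in a major sync unit and set otherwise */` would record why the packet is rejected. The loop body and the `error` label lie outside the hunk.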