Mercurial > libavcodec.hg

changeset 9532:2aabf1a58f19 libavcodec

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mlpdec: Validate num_primitive_matrices.
author ramiro
date Tue, 21 Apr 2009 22:32:50 +0000
parents 19a70bcc2220
children b724134599eb
files mlp.h mlpdec.c
diffstat 2 files changed, 12 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mlp.h	Tue Apr 21 22:12:30 2009 +0000
+++ b/mlp.h	Tue Apr 21 22:32:50 2009 +0000
@@ -35,6 +35,8 @@
 /** Maximum number of matrices used in decoding; most streams have one matrix
  *  per output channel, but some rematrix a channel (usually 0) more than once.
  */
+#define MAX_MATRICES_MLP            6
+#define MAX_MATRICES_TRUEHD         8
 #define MAX_MATRICES        15
 
 /** Maximum number of substreams that can be decoded.
--- a/mlpdec.c	Tue Apr 21 22:12:30 2009 +0000
+++ b/mlpdec.c	Tue Apr 21 22:32:50 2009 +0000
@@ -527,6 +527,9 @@
 {
     SubStream *s = &m->substream[substr];
     unsigned int mat, ch;
+    const int max_primitive_matrices = m->avctx->codec_id == CODEC_ID_MLP
+                                     ? MAX_MATRICES_MLP
+                                     : MAX_MATRICES_TRUEHD;
 
     if (m->matrix_changed++ > 1) {
         av_log(m->avctx, AV_LOG_ERROR, "Matrices may change only once per access unit.\n");
@@ -535,6 +538,13 @@
 
     s->num_primitive_matrices = get_bits(gbp, 4);
 
+    if (s->num_primitive_matrices > max_primitive_matrices) {
+        av_log(m->avctx, AV_LOG_ERROR,
+               "Number of primitive matrices cannot be greater than %d.\n",
+               max_primitive_matrices);
+        return -1;
+    }
+
     for (mat = 0; mat < s->num_primitive_matrices; mat++) {
         int frac_bits, max_chan;
         s->matrix_out_ch[mat] = get_bits(gbp, 4);