Mercurial > libavcodec.hg
changeset 11343:2b78e800f630 libavcodec
Fixed overreads in TTA decoder with corrupted bistreams.
| author | fenrir |
|---|---|
| date | Wed, 03 Mar 2010 19:31:46 +0000 |
| parents | 8d23ea397dda |
| children | 65fe07cf9ee4 |
| files | tta.c |
| diffstat | 1 files changed, 9 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/tta.c Wed Mar 03 17:24:32 2010 +0000 +++ b/tta.c Wed Mar 03 19:31:46 2010 +0000 @@ -332,9 +332,14 @@ unary--; } - if (k) + if (get_bits_left(&s->gb) < k) + return -1; + + if (k) { + if (k > MIN_CACHE_BITS) + return -1; value = (unary << k) + get_bits(&s->gb, k); - else + } else value = unary; // FIXME: copy paste from original @@ -404,6 +409,8 @@ } } + if (get_bits_left(&s->gb) < 32) + return -1; skip_bits(&s->gb, 32); // frame crc // convert to output buffer