Mercurial > libavcodec.hg
changeset 8268:4dd63fc58a87 libavcodec
ac3dec: detect out-of-range exponents
| author | jbr |
|---|---|
| date | Sat, 06 Dec 2008 15:36:23 +0000 |
| parents | ebbdbb35a0cf |
| children | e7949e116f56 |
| files | ac3dec.c |
| diffstat | 1 files changed, 10 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/ac3dec.c Sat Dec 06 13:42:00 2008 +0000 +++ b/ac3dec.c Sat Dec 06 15:36:23 2008 +0000 @@ -372,7 +372,7 @@ * Decode the grouped exponents according to exponent strategy. * reference: Section 7.1.3 Exponent Decoding */ -static void decode_exponents(GetBitContext *gbc, int exp_strategy, int ngrps, +static int decode_exponents(GetBitContext *gbc, int exp_strategy, int ngrps, uint8_t absexp, int8_t *dexps) { int i, j, grp, group_size; @@ -391,11 +391,14 @@ /* convert to absolute exps and expand groups */ prevexp = absexp; for(i=0; i<ngrps*3; i++) { - prevexp = av_clip(prevexp + dexp[i]-2, 0, 24); + prevexp += dexp[i] - 2; + if (prevexp < 0 || prevexp > 24) + return -1; for(j=0; j<group_size; j++) { dexps[(i*group_size)+j] = prevexp; } } + return 0; } /** @@ -989,9 +992,12 @@ for (ch = !cpl_in_use; ch <= s->channels; ch++) { if (s->exp_strategy[blk][ch] != EXP_REUSE) { s->dexps[ch][0] = get_bits(gbc, 4) << !ch; - decode_exponents(gbc, s->exp_strategy[blk][ch], + if (decode_exponents(gbc, s->exp_strategy[blk][ch], s->num_exp_groups[ch], s->dexps[ch][0], - &s->dexps[ch][s->start_freq[ch]+!!ch]); + &s->dexps[ch][s->start_freq[ch]+!!ch])) { + av_log(s->avctx, AV_LOG_ERROR, "exponent out-of-range\n"); + return -1; + } if(ch != CPL_CH && ch != s->lfe_ch) skip_bits(gbc, 2); /* skip gainrng */ }