changeset 7304:ac25a6f7147e libavcodec

Support reading large metadata. fixes issue187
author michael
date Fri, 18 Jul 2008 12:03:21 +0000
parents f0fc58bb9780
children f80042115f20
files flac.c
diffstat 1 files changed, 14 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/flac.c	Fri Jul 18 11:39:41 2008 +0000
+++ b/flac.c	Fri Jul 18 12:03:21 2008 +0000
@@ -181,6 +181,7 @@
 static int metadata_parse(FLACContext *s)
 {
     int i, metadata_last, metadata_type, metadata_size, streaminfo_updated=0;
+    int initial_pos= get_bits_count(&s->gb);
 
     if (show_bits_long(&s->gb, 32) == MKBETAG('f','L','a','C')) {
         skip_bits(&s->gb, 32);
@@ -191,6 +192,11 @@
             metadata_type = get_bits(&s->gb, 7);
             metadata_size = get_bits_long(&s->gb, 24);
 
+            if(get_bits_count(&s->gb) + 8*metadata_size > s->gb.size_in_bits){
+                skip_bits_long(&s->gb, initial_pos - get_bits_count(&s->gb));
+                break;
+            }
+
             av_log(s->avctx, AV_LOG_DEBUG,
                    " metadata block: flag = %d, type = %d, size = %d\n",
                    metadata_last, metadata_type, metadata_size);
@@ -612,9 +618,16 @@
     }
 
     if(1 && s->max_framesize){//FIXME truncated
-            buf_size= FFMAX(FFMIN(buf_size, s->max_framesize - s->bitstream_size), 0);
+            if(s->bitstream_size < 4 || AV_RL32(s->bitstream) != MKTAG('f','L','a','C'))
+                buf_size= FFMIN(buf_size, s->max_framesize - FFMIN(s->bitstream_size, s->max_framesize));
             input_buf_size= buf_size;
 
+            if(s->bitstream_size + buf_size < buf_size || s->bitstream_index + s->bitstream_size + buf_size < s->bitstream_index)
+                return -1;
+
+            if(s->allocated_bitstream_size < s->bitstream_size + buf_size)
+                s->bitstream= av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->bitstream_size + buf_size);
+
             if(s->bitstream_index + s->bitstream_size + buf_size > s->allocated_bitstream_size){
 //                printf("memmove\n");
                 memmove(s->bitstream, &s->bitstream[s->bitstream_index], s->bitstream_size);