projects
/
platform
/
upstream
/
libav.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
19c8c4e
)
Fixed overreads in TTA decoder with corrupted bistreams.
author
Laurent Aimar
<fenrir@videolan.org>
Wed, 3 Mar 2010 19:31:46 +0000
(19:31 +0000)
committer
Laurent Aimar
<fenrir@videolan.org>
Wed, 3 Mar 2010 19:31:46 +0000
(19:31 +0000)
Originally committed as revision 22176 to svn://svn.ffmpeg.org/ffmpeg/trunk
libavcodec/tta.c
patch
|
blob
|
history
diff --git
a/libavcodec/tta.c
b/libavcodec/tta.c
index
b26724b
..
7dd4cc5
100644
(file)
--- a/
libavcodec/tta.c
+++ b/
libavcodec/tta.c
@@
-332,9
+332,14
@@
static int tta_decode_frame(AVCodecContext *avctx,
unary--;
}
- if (k)
+ if (get_bits_left(&s->gb) < k)
+ return -1;
+
+ if (k) {
+ if (k > MIN_CACHE_BITS)
+ return -1;
value = (unary << k) + get_bits(&s->gb, k);
- else
+
}
else
value = unary;
// FIXME: copy paste from original
@@
-404,6
+409,8
@@
static int tta_decode_frame(AVCodecContext *avctx,
}
}
+ if (get_bits_left(&s->gb) < 32)
+ return -1;
skip_bits(&s->gb, 32); // frame crc
// convert to output buffer