From 4db9cc9984a92226e0d6ea5456035ec12000130c Mon Sep 17 00:00:00 2001
From: hj kim
Date: Tue, 2 Feb 2021 13:22:33 +0900
Subject: [PATCH] check block length patch from ffmpeg to fix CVE-2013-0845
Change-Id: I5d228ff84c1ff9fd2c34b731eb71b76c5560c89c
---
 libavcodec/alsdec.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index f356a70..2746725 100644
--- libavcodec/alsdec.c
+++ libavcodec/alsdec.c
@@ -551,12 +551,15 @@ static void get_block_sizes(ALSDecContext *ctx, unsigned int *div_blocks,
 /** Read the block data for a constant block */
-static void read_const_block_data(ALSDecContext *ctx, ALSBlockData *bd)
+static int read_const_block_data(ALSDecContext *ctx, ALSBlockData *bd)
 {
 ALSSpecificConfig *sconf = &ctx->sconf;
 AVCodecContext *avctx = ctx->avctx;
 GetBitContext *gb = &ctx->gb;
+ if (bd->block_length <= 0)
+ return AVERROR_INVALIDDATA;
+
 *bd->raw_samples = 0;
 *bd->const_block = get_bits1(gb); // 1 = constant value, 0 = zero block (silence)
 bd->js_blocks = get_bits1(gb);
@@ -571,6 +574,8 @@ static void read_const_block_data(ALSDecContext *ctx, ALSBlockData *bd)
 // ensure constant block decoding by reusing this field
 *bd->const_block = 1;
+
+ return 0;
 }
@@ -972,7 +977,7 @@ static int read_block(ALSDecContext *ctx, ALSBlockData *bd)
 if (get_bits1(gb)) {
 ret = read_var_block_data(ctx, bd);
 } else {
- read_const_block_data(ctx, bd);
+ ret = read_const_block_data(ctx, bd);
 }
 return ret;
--
2.7.4
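Review bot: The new guard at the top of read_const_block_data returns AVERROR_INVALIDDATA without logging anything, so a stream that trips the CVE-2013-0845 check cannot be told apart from other decode failures during triage. `avctx` is already in scope there, so the guard could read `if (bd->block_length <= 0) { av_log(avctx, AV_LOG_ERROR, "Invalid block length.\n"); return AVERROR_INVALIDDATA; }`. The doc comment above the function should also state the new contract, for example `@return 0 on success, AVERROR_INVALIDDATA if the block length is not positive`. If `block_length` is declared unsigned (its declaration is not part of this patch), `<= 0` only ever matches zero, which is worth confirming against the struct. The function body continues past the end of this hunk.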
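Review bot: Only the constant-block branch of read_block gains the length check; `read_var_block_data(ctx, bd)` in the other branch receives the same `bd`, and whether it rejects a non-positive `block_length` is not visible in this patch. If it does not, placing `if (bd->block_length <= 0) return AVERROR_INVALIDDATA;` in read_block just before the `if (get_bits1(gb))` would cover both paths with one check. The constant-block reader returned void before this change, so callers of read_block should be confirmed to stop on a negative return rather than continue decoding the block. read_block starts outside the hunk.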