aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Larsson <banan@ludd.ltu.se>2008-03-06 14:22:02 +0000
committerBenjamin Larsson <banan@ludd.ltu.se>2008-03-06 14:22:02 +0000
commitebf71dbda52801f40d4e9313058bef6b792cf6cd (patch)
tree723af2ef4f6e6d083c7b9e40da59e441150decdb
parent72d334cab448864de018aa569c1b82c212362085 (diff)
downloadffmpeg-ebf71dbda52801f40d4e9313058bef6b792cf6cd.tar.gz
Don't use unchecked data from the bitstream.
Originally committed as revision 12351 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r--libavcodec/dca.c12
1 files changed, 10 insertions, 2 deletions
diff --git a/libavcodec/dca.c b/libavcodec/dca.c
index 2a449a2030..14aa9816a3 100644
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -125,6 +125,7 @@ typedef struct {
/* Primary audio coding header */
int subframes; ///< number of subframes
+ int total_channels; ///< number of channels including extensions
int prim_channels; ///< number of primary audio channels
int subband_activity[DCA_PRIM_CHANNELS_MAX]; ///< subband activity count
int vq_start_subband[DCA_PRIM_CHANNELS_MAX]; ///< high frequency vq start subband
@@ -320,7 +321,10 @@ static int dca_parse_frame_header(DCAContext * s)
/* Primary audio coding header */
s->subframes = get_bits(&s->gb, 4) + 1;
- s->prim_channels = get_bits(&s->gb, 3) + 1;
+ s->total_channels = get_bits(&s->gb, 3) + 1;
+ s->prim_channels = s->total_channels;
+ if (s->prim_channels > DCA_PRIM_CHANNELS_MAX)
+ s->prim_channels = DCA_PRIM_CHANNELS_MAX; /* We only support DTS core */
for (i = 0; i < s->prim_channels; i++) {
@@ -427,7 +431,11 @@ static int dca_subframe_header(DCAContext * s)
s->bitalloc[j][k] = get_bits(&s->gb, 5);
else if (s->bitalloc_huffman[j] == 5)
s->bitalloc[j][k] = get_bits(&s->gb, 4);
- else {
+ else if (s->bitalloc_huffman[j] == 7) {
+ av_log(s->avctx, AV_LOG_ERROR,
+ "Invalid bit allocation index\n");
+ return -1;
+ } else {
s->bitalloc[j][k] =
get_bitalloc(&s->gb, &dca_bitalloc_index, s->bitalloc_huffman[j]);
}