diff options
author | Michael Niedermayer <michaelni@gmx.at> | 2008-07-18 12:03:21 +0000 |
---|---|---|
committer | Michael Niedermayer <michaelni@gmx.at> | 2008-07-18 12:03:21 +0000 |
commit | e0168e3b9c4d7366c10ce8a78406b6270b511390 (patch) | |
tree | 9e9b514f30c514e24e4ecd305565f7c96ba5ddfe | |
parent | 1e77df15ddee87c1a46c5521c0e7214e70600cac (diff) | |
download | ffmpeg-e0168e3b9c4d7366c10ce8a78406b6270b511390.tar.gz |
Support reading large metadata.
fixes issue187
Originally committed as revision 14281 to svn://svn.ffmpeg.org/ffmpeg/trunk
-rw-r--r-- | libavcodec/flac.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/libavcodec/flac.c b/libavcodec/flac.c index 2d65c11922..fc1e0ec0e4 100644 --- a/libavcodec/flac.c +++ b/libavcodec/flac.c @@ -181,6 +181,7 @@ void ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s, static int metadata_parse(FLACContext *s) { int i, metadata_last, metadata_type, metadata_size, streaminfo_updated=0; + int initial_pos= get_bits_count(&s->gb); if (show_bits_long(&s->gb, 32) == MKBETAG('f','L','a','C')) { skip_bits(&s->gb, 32); @@ -191,6 +192,11 @@ static int metadata_parse(FLACContext *s) metadata_type = get_bits(&s->gb, 7); metadata_size = get_bits_long(&s->gb, 24); + if(get_bits_count(&s->gb) + 8*metadata_size > s->gb.size_in_bits){ + skip_bits_long(&s->gb, initial_pos - get_bits_count(&s->gb)); + break; + } + av_log(s->avctx, AV_LOG_DEBUG, " metadata block: flag = %d, type = %d, size = %d\n", metadata_last, metadata_type, metadata_size); @@ -612,9 +618,16 @@ static int flac_decode_frame(AVCodecContext *avctx, } if(1 && s->max_framesize){//FIXME truncated - buf_size= FFMAX(FFMIN(buf_size, s->max_framesize - s->bitstream_size), 0); + if(s->bitstream_size < 4 || AV_RL32(s->bitstream) != MKTAG('f','L','a','C')) + buf_size= FFMIN(buf_size, s->max_framesize - FFMIN(s->bitstream_size, s->max_framesize)); input_buf_size= buf_size; + if(s->bitstream_size + buf_size < buf_size || s->bitstream_index + s->bitstream_size + buf_size < s->bitstream_index) + return -1; + + if(s->allocated_bitstream_size < s->bitstream_size + buf_size) + s->bitstream= av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->bitstream_size + buf_size); + if(s->bitstream_index + s->bitstream_size + buf_size > s->allocated_bitstream_size){ // printf("memmove\n"); memmove(s->bitstream, &s->bitstream[s->bitstream_index], s->bitstream_size); |