diff options
| author | Luca Barbato <lu_zero@gentoo.org> | 2013-07-10 04:35:34 +0200 |
|---|---|---|
| committer | Luca Barbato <lu_zero@gentoo.org> | 2013-08-24 11:49:01 +0200 |
| commit | cbc12124999b633a02f25bc6f6fa895a7cf656da (patch) | |
| tree | b571c596af8a343d392103cf89d2e1ffb991db46 | |
| parent | 64867f3cb507b4f309d9e444ba9ddb66bd6b32e2 (diff) | |
| download | ffmpeg-cbc12124999b633a02f25bc6f6fa895a7cf656da.tar.gz | |
mlpdec: Do not set invalid context in read_restart_header
The faulty values rippled further down the codepath causing a
hard-to-track segfault in the assembly code.
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
(cherry picked from commit e9d394f3fad7e8fd8fc80e3b33cb045bbaceb446)
Signed-off-by: Luca Barbato <lu_zero@gentoo.org>
Conflicts:
libavcodec/mlpdec.c
| -rw-r--r-- | libavcodec/mlpdec.c | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c index 0eaf2e39e5..d999495f40 100644 --- a/libavcodec/mlpdec.c +++ b/libavcodec/mlpdec.c @@ -392,9 +392,10 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp, uint8_t checksum; uint8_t lossless_check; int start_count = get_bits_count(gbp); - const int max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP - ? MAX_MATRIX_CHANNEL_MLP - : MAX_MATRIX_CHANNEL_TRUEHD; + int min_channel, max_channel, max_matrix_channel; + const int std_max_matrix_channel = m->avctx->codec_id == AV_CODEC_ID_MLP + ? MAX_MATRIX_CHANNEL_MLP + : MAX_MATRIX_CHANNEL_TRUEHD; sync_word = get_bits(gbp, 13); @@ -413,18 +414,18 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp, skip_bits(gbp, 16); /* Output timestamp */ - s->min_channel = get_bits(gbp, 4); - s->max_channel = get_bits(gbp, 4); - s->max_matrix_channel = get_bits(gbp, 4); + min_channel = get_bits(gbp, 4); + max_channel = get_bits(gbp, 4); + max_matrix_channel = get_bits(gbp, 4); - if (s->max_matrix_channel > max_matrix_channel) { + if (max_matrix_channel > std_max_matrix_channel) { av_log(m->avctx, AV_LOG_ERROR, "Max matrix channel cannot be greater than %d.\n", max_matrix_channel); return AVERROR_INVALIDDATA; } - if (s->max_channel != s->max_matrix_channel) { + if (max_channel != max_matrix_channel) { av_log(m->avctx, AV_LOG_ERROR, "Max channel must be equal max matrix channel.\n"); return AVERROR_INVALIDDATA; @@ -439,15 +440,20 @@ static int read_restart_header(MLPDecodeContext *m, GetBitContext *gbp, return AVERROR_PATCHWELCOME; } - if (s->min_channel > s->max_channel) { + if (min_channel > max_channel) { av_log(m->avctx, AV_LOG_ERROR, "Substream min channel cannot be greater than max channel.\n"); return AVERROR_INVALIDDATA; } - if (m->avctx->request_channels > 0 - && s->max_channel + 1 >= m->avctx->request_channels - && substr < m->max_decoded_substream) { + + s->min_channel = min_channel; + s->max_channel = max_channel; + s->max_matrix_channel = max_matrix_channel; + + if (m->avctx->request_channels > 0 && + m->avctx->request_channels <= s->max_channel + 1 && + m->max_decoded_substream > substr) { av_log(m->avctx, AV_LOG_DEBUG, "Extracting %d channel downmix from substream %d. " "Further substreams will be skipped.\n", |