aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2015-01-12 01:51:06 +0100
committerMichael Niedermayer <michaelni@gmx.at>2015-01-12 03:33:16 +0100
commite2db9a736fd9506d194854ee448c7830d486b125 (patch)
tree340c1f4d46ccd6139b509d32b33849bc230754a3 /libavcodec
parenta8bc901033e85963f909660629e14190cc538ffe (diff)
downloadffmpeg-e2db9a736fd9506d194854ee448c7830d486b125.tar.gz
avcodec/wmadec: fix 0 frame bit_reservoir
Fixes Ticket968 partly fixes Ticket691 Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/wma.h2
-rw-r--r--libavcodec/wmadec.c24
2 files changed, 23 insertions, 3 deletions
diff --git a/libavcodec/wma.h b/libavcodec/wma.h
index a232b8a4c6..8d337df1dd 100644
--- a/libavcodec/wma.h
+++ b/libavcodec/wma.h
@@ -42,7 +42,7 @@
#define NB_LSP_COEFS 10
/* XXX: is it a suitable value ? */
-#define MAX_CODED_SUPERFRAME_SIZE 16384
+#define MAX_CODED_SUPERFRAME_SIZE 32768
#define MAX_CHANNELS 2
diff --git a/libavcodec/wmadec.c b/libavcodec/wmadec.c
index b7fa07010e..79e7b0c8a9 100644
--- a/libavcodec/wmadec.c
+++ b/libavcodec/wmadec.c
@@ -840,9 +840,29 @@ static int wma_decode_superframe(AVCodecContext *avctx, void *data,
skip_bits(&s->gb, 4); /* super frame index */
nb_frames = get_bits(&s->gb, 4) - (s->last_superframe_len <= 0);
if (nb_frames <= 0) {
- av_log(avctx, AV_LOG_ERROR, "nb_frames is %d bits left %d\n",
+ int is_error = nb_frames < 0 || get_bits_left(&s->gb) <= 8;
+ av_log(avctx, is_error ? AV_LOG_ERROR : AV_LOG_WARNING,
+ "nb_frames is %d bits left %d\n",
nb_frames, get_bits_left(&s->gb));
- return AVERROR_INVALIDDATA;
+ if (is_error)
+ return AVERROR_INVALIDDATA;
+
+ if ((s->last_superframe_len + buf_size - 1) >
+ MAX_CODED_SUPERFRAME_SIZE)
+ goto fail;
+
+ q = s->last_superframe + s->last_superframe_len;
+ len = buf_size - 1;
+ while (len > 0) {
+ *q++ = get_bits (&s->gb, 8);
+ len --;
+ }
+ memset(q, 0, FF_INPUT_BUFFER_PADDING_SIZE);
+
+ s->last_superframe_len += 8*buf_size - 8;
+// s->reset_block_lengths = 1; //XXX is this needed ?
+ *got_frame_ptr = 0;
+ return buf_size;
}
} else
nb_frames = 1;