aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec
diff options
context:
space:
mode:
authorAnton Khirnov <anton@khirnov.net>2016-08-14 10:18:39 +0200
committerAnton Khirnov <anton@khirnov.net>2016-08-18 17:06:46 +0200
commit409d1cd2c955485798f8b0b0147c2b899b9144ec (patch)
tree45b78bc0947fcc5fc4c09a297d7fe511184bfc1d /libavcodec
parentbba9d8bdfb208b0ec2ccf182530347151ee3528b (diff)
downloadffmpeg-409d1cd2c955485798f8b0b0147c2b899b9144ec.tar.gz
cook: use the bytestream2 API for reading extradata
Fixes possible invalid reads in corrupted files. CC: libav-stable@libav.org Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Diffstat (limited to 'libavcodec')
-rw-r--r--libavcodec/cook.c31
1 files changed, 12 insertions, 19 deletions
diff --git a/libavcodec/cook.c b/libavcodec/cook.c
index f487db6a97..016b1d01bb 100644
--- a/libavcodec/cook.c
+++ b/libavcodec/cook.c
@@ -1041,9 +1041,7 @@ static void dump_cook_context(COOKContext *q)
static av_cold int cook_decode_init(AVCodecContext *avctx)
{
COOKContext *q = avctx->priv_data;
- const uint8_t *edata_ptr = avctx->extradata;
- const uint8_t *edata_ptr_end = edata_ptr + avctx->extradata_size;
- int extradata_size = avctx->extradata_size;
+ GetByteContext gb;
int s = 0;
unsigned int channel_mask = 0;
int samples_per_frame;
@@ -1051,12 +1049,14 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
q->avctx = avctx;
/* Take care of the codec specific extradata. */
- if (extradata_size < 8) {
+ if (avctx->extradata_size < 8) {
av_log(avctx, AV_LOG_ERROR, "Necessary extradata missing!\n");
return AVERROR_INVALIDDATA;
}
av_log(avctx, AV_LOG_DEBUG, "codecdata_length=%d\n", avctx->extradata_size);
+ bytestream2_init(&gb, avctx->extradata, avctx->extradata_size);
+
/* Take data from the AVCodecContext (RM container). */
if (!avctx->channels) {
av_log(avctx, AV_LOG_ERROR, "Invalid number of channels\n");
@@ -1068,21 +1068,15 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
ff_audiodsp_init(&q->adsp);
- while (edata_ptr < edata_ptr_end) {
+ while (bytestream2_get_bytes_left(&gb)) {
/* 8 for mono, 16 for stereo, ? for multichannel
Swap to right endianness so we don't need to care later on. */
- if (extradata_size >= 8) {
- q->subpacket[s].cookversion = bytestream_get_be32(&edata_ptr);
- samples_per_frame = bytestream_get_be16(&edata_ptr);
- q->subpacket[s].subbands = bytestream_get_be16(&edata_ptr);
- extradata_size -= 8;
- }
- if (extradata_size >= 8) {
- bytestream_get_be32(&edata_ptr); // Unknown unused
- q->subpacket[s].js_subband_start = bytestream_get_be16(&edata_ptr);
- q->subpacket[s].js_vlc_bits = bytestream_get_be16(&edata_ptr);
- extradata_size -= 8;
- }
+ q->subpacket[s].cookversion = bytestream2_get_be32(&gb);
+ samples_per_frame = bytestream2_get_be16(&gb);
+ q->subpacket[s].subbands = bytestream2_get_be16(&gb);
+ bytestream2_get_be32(&gb); // Unknown unused
+ q->subpacket[s].js_subband_start = bytestream2_get_be16(&gb);
+ q->subpacket[s].js_vlc_bits = bytestream2_get_be16(&gb);
/* Initialize extradata related variables. */
q->subpacket[s].samples_per_channel = samples_per_frame / avctx->channels;
@@ -1134,8 +1128,7 @@ static av_cold int cook_decode_init(AVCodecContext *avctx)
break;
case MC_COOK:
av_log(avctx, AV_LOG_DEBUG, "MULTI_CHANNEL\n");
- if (extradata_size >= 4)
- channel_mask |= q->subpacket[s].channel_mask = bytestream_get_be32(&edata_ptr);
+ channel_mask |= q->subpacket[s].channel_mask = bytestream2_get_be32(&gb);
if (av_get_channel_layout_nb_channels(q->subpacket[s].channel_mask) > 1) {
q->subpacket[s].total_subbands = q->subpacket[s].subbands +