author | Mattias Wadman <mattias.wadman@gmail.com> | 2021-10-13 18:15:26 +0200 |
---|---|---|
committer | Paul B Mahol <onemda@gmail.com> | 2021-10-18 22:01:11 +0200 |
commit | 49597300e87c5c4b2ca56c5b93930d92f64cdf5b (patch) | |
tree | bf71ab2587892a8a692552c093f00befbc09f031 /libavcodec | |
parent | 374d6469300f4d5e8b13bef2c87f888cdfdb818f (diff) | |
download | ffmpeg-49597300e87c5c4b2ca56c5b93930d92f64cdf5b.tar.gz |
libavcodec/flac_parser: Validate subframe zero bit and type
Reduces the risk of finding false frames that happen to have valid values and CRC.
Fixes ticket #9185 ffmpeg flac decoder incorrectly finds junk frame
https://trac.ffmpeg.org/ticket/9185
Diffstat (limited to 'libavcodec')
-rw-r--r-- | libavcodec/flac_parser.c | 30 |
1 files changed, 28 insertions, 2 deletions
diff --git a/libavcodec/flac_parser.c b/libavcodec/flac_parser.c
index d3d9c889a1..2c550507fc 100644
--- a/libavcodec/flac_parser.c
+++ b/libavcodec/flac_parser.c
@@ -96,8 +96,34 @@ static int frame_header_is_valid(AVCodecContext *avctx, const uint8_t *buf,
 FLACFrameInfo *fi)
 {
 GetBitContext gb;
- init_get_bits(&gb, buf, MAX_FRAME_HEADER_SIZE * 8);
- return !ff_flac_decode_frame_header(avctx, &gb, fi, 127);
+ uint8_t subframe_type;
+
+ // header plus one byte from first subframe
+ init_get_bits(&gb, buf, MAX_FRAME_HEADER_SIZE * 8 + 8);
+ if (ff_flac_decode_frame_header(avctx, &gb, fi, 127)) {
+ return 0;
+ }
+ // subframe zero bit
+ if (get_bits1(&gb) != 0) {
+ return 0;
+ }
+ // subframe type
+ // 000000 : SUBFRAME_CONSTANT
+ // 000001 : SUBFRAME_VERBATIM
+ // 00001x : reserved
+ // 0001xx : reserved
+ // 001xxx : if(xxx <= 4) SUBFRAME_FIXED, xxx=order ; else reserved
+ // 01xxxx : reserved
+ // 1xxxxx : SUBFRAME_LPC, xxxxx=order-1
+ subframe_type = get_bits(&gb, 6);
+ if (!(subframe_type == 0 ||
+ subframe_type == 1 ||
+ ((subframe_type >= 8) && (subframe_type <= 12)) ||
+ (subframe_type >= 32))) {
+ return 0;
+ }
+
+ return 1;
 }
 
 /** |
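Review bot: The bit reader in frame_header_is_valid is now initialised over `MAX_FRAME_HEADER_SIZE * 8 + 8` bits, so every caller has to supply at least MAX_FRAME_HEADER_SIZE + 1 readable bytes, yet the diffstat shows no change outside this one hunk. The callers are not visible here; if any of them still copies or wraps exactly MAX_FRAME_HEADER_SIZE bytes, then for a header of maximum length the zero bit and the `get_bits(&gb, 6)` type field are taken from past the end of that buffer. On parser input that is untrusted, this would be an out-of-bounds read, or at best an accept/reject decision made on unrelated bytes. I would confirm that the caller-side read length is `MAX_FRAME_HEADER_SIZE + 1` and state the contract above the function, e.g. `/* buf must hold at least MAX_FRAME_HEADER_SIZE + 1 readable bytes */`. The return value of `init_get_bits()` is also left unchecked on the new line.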