[FFmpeg-cvslog] aac: fix infinite loop on end-of-frame with sequence of 1-bits.
Alex Converse
git at videolan.org
Thu Feb 23 05:03:04 CET 2012
ffmpeg | branch: master | Alex Converse <alex.converse at gmail.com> | Wed Feb 22 11:05:42 2012 -0800| [1cd9a6154bc1ac1193c703cea980ed21c3e53792] | committer: Alex Converse
aac: fix infinite loop on end-of-frame with sequence of 1-bits.
Based-on-work-by: Ronald S. Bultje <rsbultje at gmail.com>
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=1cd9a6154bc1ac1193c703cea980ed21c3e53792
---
libavcodec/aacdec.c | 25 +++++++++++++------------
1 files changed, 13 insertions(+), 12 deletions(-)
diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index dd9eefc..f491a09 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -973,19 +973,20 @@ static int decode_band_types(AACContext *ac, enum BandType band_type[120],
av_log(ac->avctx, AV_LOG_ERROR, "invalid band type\n");
return -1;
}
- while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1)
+ do {
+ sect_len_incr = get_bits(gb, bits);
sect_end += sect_len_incr;
- sect_end += sect_len_incr;
- if (get_bits_left(gb) < 0) {
- av_log(ac->avctx, AV_LOG_ERROR, overread_err);
- return -1;
- }
- if (sect_end > ics->max_sfb) {
- av_log(ac->avctx, AV_LOG_ERROR,
- "Number of bands (%d) exceeds limit (%d).\n",
- sect_end, ics->max_sfb);
- return -1;
- }
+ if (get_bits_left(gb) < 0) {
+ av_log(ac->avctx, AV_LOG_ERROR, overread_err);
+ return -1;
+ }
+ if (sect_end > ics->max_sfb) {
+ av_log(ac->avctx, AV_LOG_ERROR,
+ "Number of bands (%d) exceeds limit (%d).\n",
+ sect_end, ics->max_sfb);
+ return -1;
+ }
+ } while (sect_len_incr == (1 << bits) - 1);
for (; k < sect_end; k++) {
band_type [idx] = sect_band_type;
band_type_run_end[idx++] = sect_end;
More information about the ffmpeg-cvslog
mailing list