[FFmpeg-cvslog] Check mp3 header before calling	avpriv_mpegaudio_decode_header().
    Justin Ruggles 
    git at videolan.org
       
    Mon Jun 23 03:43:16 CEST 2014
    
    
  
ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Sun Jun 22 13:19:36 2014 -0400| [f2f2e7627f0c878d13275af5d166ec5932665e28] | committer: Justin Ruggles
Check mp3 header before calling avpriv_mpegaudio_decode_header().
As indicated in the function documentation, the header MUST be
checked prior to calling it because no consistency check is done
there.
CC:libav-stable at libav.org
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=f2f2e7627f0c878d13275af5d166ec5932665e28
---
 libavcodec/libmp3lame.c |    8 +++++++-
 libavformat/mp3enc.c    |   17 ++++++++++-------
 2 files changed, 17 insertions(+), 8 deletions(-)
diff --git a/libavcodec/libmp3lame.c b/libavcodec/libmp3lame.c
index eebc65c..dee1909 100644
--- a/libavcodec/libmp3lame.c
+++ b/libavcodec/libmp3lame.c
@@ -182,6 +182,7 @@ static int mp3lame_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
     MPADecodeHeader hdr;
     int len, ret, ch;
     int lame_result;
+    uint32_t h;
 
     if (frame) {
         switch (avctx->sample_fmt) {
@@ -237,7 +238,12 @@ static int mp3lame_encode_frame(AVCodecContext *avctx, AVPacket *avpkt,
        determine the frame size. */
     if (s->buffer_index < 4)
         return 0;
-    if (avpriv_mpegaudio_decode_header(&hdr, AV_RB32(s->buffer))) {
+    h = AV_RB32(s->buffer);
+    if (ff_mpa_check_header(h) < 0) {
+        av_log(avctx, AV_LOG_ERROR, "Invalid mp3 header at start of buffer\n");
+        return AVERROR_BUG;
+    }
+    if (avpriv_mpegaudio_decode_header(&hdr, h)) {
         av_log(avctx, AV_LOG_ERROR, "free format output not supported\n");
         return -1;
     }
diff --git a/libavformat/mp3enc.c b/libavformat/mp3enc.c
index 9326258..476d7f7 100644
--- a/libavformat/mp3enc.c
+++ b/libavformat/mp3enc.c
@@ -252,13 +252,16 @@ static int mp3_write_audio_packet(AVFormatContext *s, AVPacket *pkt)
 
     if (mp3->xing_offset && pkt->size >= 4) {
         MPADecodeHeader c;
-
-        avpriv_mpegaudio_decode_header(&c, AV_RB32(pkt->data));
-
-        if (!mp3->initial_bitrate)
-            mp3->initial_bitrate = c.bit_rate;
-        if ((c.bit_rate == 0) || (mp3->initial_bitrate != c.bit_rate))
-            mp3->has_variable_bitrate = 1;
+        uint32_t h;
+
+        h = AV_RB32(pkt->data);
+        if (ff_mpa_check_header(h) == 0) {
+            avpriv_mpegaudio_decode_header(&c, h);
+            if (!mp3->initial_bitrate)
+                mp3->initial_bitrate = c.bit_rate;
+            if ((c.bit_rate == 0) || (mp3->initial_bitrate != c.bit_rate))
+                mp3->has_variable_bitrate = 1;
+        }
 
         mp3_xing_add_frame(mp3, pkt);
     }
    
    
More information about the ffmpeg-cvslog
mailing list