[FFmpeg-cvslog] avcodec/dcadec: Check scale table index
Michael Niedermayer
git at videolan.org
Sat May 16 00:16:26 CEST 2015
ffmpeg | branch: release/2.6 | Michael Niedermayer <michaelni at gmx.at> | Fri May 15 18:04:12 2015 +0200| [001cc6d27acc832bfd32393eb66916ee627a8157] | committer: Michael Niedermayer
avcodec/dcadec: Check scale table index
Fixes CID1297594 part 1
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 0f3e6959bfa67d12cd5a173b86eb15abd7d9e4d5)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=001cc6d27acc832bfd32393eb66916ee627a8157
---
libavcodec/dcadec.c | 19 +++++++++++++++----
1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/libavcodec/dcadec.c b/libavcodec/dcadec.c
index 7b48e04..1f9528a 100644
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@@ -1175,23 +1175,34 @@ int ff_dca_xbr_parse_frame(DCAContext *s)
for(i = 0; i < n_xbr_ch[chset]; i++) {
const uint32_t *scale_table;
int nbits;
+ int scale_table_size;
if (s->scalefactor_huffman[chan_base+i] == 6) {
scale_table = ff_dca_scale_factor_quant7;
+ scale_table_size = FF_ARRAY_ELEMS(ff_dca_scale_factor_quant7);
} else {
scale_table = ff_dca_scale_factor_quant6;
+ scale_table_size = FF_ARRAY_ELEMS(ff_dca_scale_factor_quant6);
}
nbits = anctemp[i];
for(j = 0; j < active_bands[chset][i]; j++) {
if(abits_high[i][j] > 0) {
- scale_table_high[i][j][0] =
- scale_table[get_bits(&s->gb, nbits)];
+ int index = get_bits(&s->gb, nbits);
+ if (index >= scale_table_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "scale table index %d invalid\n", index);
+ return AVERROR_INVALIDDATA;
+ }
+ scale_table_high[i][j][0] = scale_table[index];
if(xbr_tmode && s->transition_mode[i][j]) {
- scale_table_high[i][j][1] =
- scale_table[get_bits(&s->gb, nbits)];
+ int index = get_bits(&s->gb, nbits);
+ if (index >= scale_table_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "scale table index %d invalid\n", index);
+ return AVERROR_INVALIDDATA;
+ }
+ scale_table_high[i][j][1] = scale_table[index];
}
}
}
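Review bot: The `int index` declared inside the `xbr_tmode && s->transition_mode[i][j]` branch shadows the `int index` declared just above it in the enclosing `abits_high[i][j] > 0` block. This trips `-Wshadow` and makes the two identical checks easy to misread; reusing the outer variable (`index = get_bits(&s->gb, nbits);`) avoids it. Since the value is read straight from the bitstream, a comment such as `/* index is read from the bitstream and must be bounded by the selected table */` above the first check would record why the guard exists. The hunk does not show where `anctemp[i]` is range-checked, so whether `nbits` is always a valid width for `get_bits()` cannot be confirmed from here. The enclosing loops and the rest of `ff_dca_xbr_parse_frame` lie outside the hunk.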