[FFmpeg-devel] [PATCH] wavpack: limit extra_bits to 32 and use get_bits_long
Andreas Cadhalpun
andreas.cadhalpun at googlemail.com
Thu Jul 2 23:34:01 CEST 2015
On 02.07.2015 23:20, Paul B Mahol wrote:
> On 7/2/15, Andreas Cadhalpun <andreas.cadhalpun at googlemail.com> wrote:
>> More than 32 bits can't be stored in an integer and get_bits should not
>> be used with more than 25 bits.
>>
>> Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
>> ---
>> libavcodec/wavpack.c | 8 ++++++--
>> 1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
>> index d91b66c..554367b 100644
>> --- a/libavcodec/wavpack.c
>> +++ b/libavcodec/wavpack.c
>> @@ -271,7 +271,7 @@ static inline int
>> wv_get_value_integer(WavpackFrameContext *s, uint32_t *crc,
>>
>> if (s->got_extra_bits &&
>> get_bits_left(&s->gb_extra_bits) >= s->extra_bits) {
>> - S |= get_bits(&s->gb_extra_bits, s->extra_bits);
>> + S |= get_bits_long(&s->gb_extra_bits, s->extra_bits);
>> *crc = *crc * 9 + (S & 0xffff) * 3 + ((unsigned)S >> 16);
>> }
>> }
>> @@ -835,7 +835,11 @@ static int wavpack_decode_block(AVCodecContext *avctx,
>> int block_no,
>> continue;
>> }
>> bytestream2_get_buffer(&gb, val, 4);
>> - if (val[0]) {
>> + if (val[0] > 32) {
>> + av_log(avctx, AV_LOG_ERROR,
>> + "Invalid INT32INFO, extra_bits = %d (> 32)\n",
>> val[0]);
>> + continue;
>> + } else if (val[0]) {
>> s->extra_bits = val[0];
>> } else if (val[1]) {
>> s->shift = val[1];
>> --
>> 2.1.4
>> _______________________________________________
>> ffmpeg-devel mailing list
>> ffmpeg-devel at ffmpeg.org
>> http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>>
>
> lgtm
Pushed.
Best regards,
Andreas
More information about the ffmpeg-devel
mailing list