[FFmpeg-cvslog] r12593 - trunk/libavcodec/ac3dec.c
jbr
subversion
Wed Mar 26 00:34:01 CET 2008
Author: jbr
Date: Wed Mar 26 00:34:00 2008
New Revision: 12593
Log:
additional protection from segmentation faults and memory access errors by
copying the input buffer to a local context buffer which is large enough to
hold the largest possible AC3 frame.
Modified:
trunk/libavcodec/ac3dec.c
Modified: trunk/libavcodec/ac3dec.c
==============================================================================
--- trunk/libavcodec/ac3dec.c (original)
+++ trunk/libavcodec/ac3dec.c Wed Mar 26 00:34:00 2008
@@ -39,6 +39,9 @@
#include "dsputil.h"
#include "random.h"
+/** Maximum possible frame size when the specification limit is ignored */
+#define AC3_MAX_FRAME_SIZE 21695
+
/**
* Table of bin locations for rematrixing bands
* reference: Section 7.5.2 Rematrixing : Frequency Band Definitions
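Review bot: The doc comment on `AC3_MAX_FRAME_SIZE` gives the value 21695 without showing how it is derived, and this constant now sizes the buffer that is meant to stop overreads. Extend the comment with the calculation behind the number (which header fields and limits produce it), for example `/** Maximum possible frame size when the specification limit is ignored: <derivation> */`, so the bound can be re-checked if header parsing changes.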
@@ -191,6 +194,7 @@ typedef struct {
GetBitContext gbc; ///< bitstream reader
AVRandomState dith_state; ///< for dither generation
AVCodecContext *avctx; ///< parent context
+ uint8_t input_buffer[AC3_MAX_FRAME_SIZE]; ///< temp buffer to prevent overread
} AC3DecodeContext;
/**
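Review bot: `input_buffer` is declared with exactly AC3_MAX_FRAME_SIZE bytes and no trailing padding, and it is the last member of AC3DecodeContext. libavcodec expects bitstream input to carry FF_INPUT_BUFFER_PADDING_SIZE extra bytes because the optimized bit readers may fetch slightly beyond the position being decoded, so a frame that fills this buffer could presumably still be read past the end of the context. Consider `uint8_t input_buffer[AC3_MAX_FRAME_SIZE + FF_INPUT_BUFFER_PADDING_SIZE];`. The struct definition begins outside this hunk.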
@@ -1133,7 +1137,14 @@ static int ac3_decode_frame(AVCodecConte
int i, blk, ch, err;
/* initialize the GetBitContext with the start of valid AC-3 Frame */
+ if(avctx->error_resilience >= FF_ER_CAREFUL) {
+ /* copy input buffer to decoder context to avoid reading past the end
+ of the buffer, which can be caused by a damaged input stream. */
+ memcpy(s->input_buffer, buf, FFMIN(buf_size, AC3_MAX_FRAME_SIZE));
+ init_get_bits(&s->gbc, s->input_buffer, buf_size * 8);
+ } else {
init_get_bits(&s->gbc, buf, buf_size * 8);
+ }
/* parse the syncinfo */
err = ac3_parse_header(s);
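Review bot: On the copy path the memcpy() length is clamped to AC3_MAX_FRAME_SIZE, but init_get_bits() is still given `buf_size * 8`, so for a packet larger than the clamp the reader is told that s->input_buffer holds more bits than it does. Compute the length once and use it in both calls: `int len = FFMIN(buf_size, AC3_MAX_FRAME_SIZE);`, `memcpy(s->input_buffer, buf, len);`, `init_get_bits(&s->gbc, s->input_buffer, len * 8);`. Bytes after the copied length keep whatever the previous call left there, so a header that declares a longer frame than was supplied would be decoded from stale data; zeroing the tail or rejecting a declared size above buf_size is worth considering (no such check is visible in this hunk). The else branch still reads directly from `buf`, so callers below FF_ER_CAREFUL get no protection, and the comment should say that. ac3_decode_frame starts and ends outside the hunk.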