[FFmpeg-cvslog] Fix a possible endless loop when decoding aac.

Carl Eugen Hoyos git at videolan.org
Fri Dec 23 11:57:42 CET 2011


ffmpeg | branch: master | Carl Eugen Hoyos <cehoyos at ag.or.at> | Fri Dec 23 11:38:37 2011 +0100| [e5de9289232c5b14572fa13e2435f9adb0b0f1ec] | committer: Carl Eugen Hoyos

Fix a possible endless loop when decoding aac.

Fixes ticket #789.

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e5de9289232c5b14572fa13e2435f9adb0b0f1ec
---

 libavcodec/aacdec.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
index c9ca0a6..8fd7f08 100644
--- a/libavcodec/aacdec.c
+++ b/libavcodec/aacdec.c
@@ -809,10 +809,10 @@ static int decode_band_types(AACContext *ac, enum BandType band_type[120],
                 av_log(ac->avctx, AV_LOG_ERROR, "invalid band type\n");
                 return -1;
             }
-            while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1)
+            while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) - 1 && get_bits_left(gb) >= bits)
                 sect_end += sect_len_incr;
             sect_end += sect_len_incr;
-            if (get_bits_left(gb) < 0) {
+            if (get_bits_left(gb) < 0 || sect_len_incr == (1 << bits) - 1) {
                 av_log(ac->avctx, AV_LOG_ERROR, overread_err);
                 return -1;
             }



More information about the ffmpeg-cvslog mailing list