[FFmpeg-cvslog] dv: Fix small overread in audio frequency table.
Alex Converse
git at videolan.org
Mon Apr 2 01:45:27 CEST 2012
ffmpeg | branch: release/0.8 | Alex Converse <alex.converse at gmail.com> | Thu Feb 9 17:11:55 2012 -0800| [b0888b8a48dbc4a5aa0aaed016b72fbbb7c30261] | committer: Reinhard Tartler
dv: Fix small overread in audio frequency table.
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
(cherry picked from commit 0ab3687924457cb4fd81897bd39ab3cc5b699588)
Signed-off-by: Reinhard Tartler <siretart at tauware.de>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b0888b8a48dbc4a5aa0aaed016b72fbbb7c30261
---
libavformat/dv.c | 9 +++++++++
1 files changed, 9 insertions(+), 0 deletions(-)
diff --git a/libavformat/dv.c b/libavformat/dv.c
index 389cf06..9383db2 100644
--- a/libavformat/dv.c
+++ b/libavformat/dv.c
@@ -119,6 +119,9 @@ static int dv_extract_audio(uint8_t* frame, uint8_t* ppcm[4],
if (quant > 1)
return -1; /* unsupported quantization */
+ if (freq >= FF_ARRAY_ELEMS(dv_audio_frequency))
+ return AVERROR_INVALIDDATA;
+
size = (sys->audio_min_samples[freq] + smpls) * 4; /* 2ch, 2bytes */
half_ch = sys->difseg_size / 2;
@@ -201,6 +204,12 @@ static int dv_extract_audio_info(DVDemuxContext* c, uint8_t* frame)
stype = (as_pack[3] & 0x1f); /* 0 - 2CH, 2 - 4CH, 3 - 8CH */
quant = as_pack[4] & 0x07; /* 0 - 16bit linear, 1 - 12bit nonlinear */
+ if (freq >= FF_ARRAY_ELEMS(dv_audio_frequency)) {
+ av_log(c->fctx, AV_LOG_ERROR,
+ "Unrecognized audio sample rate index (%d)\n", freq);
+ return 0;
+ }
+
if (stype > 3) {
av_log(c->fctx, AV_LOG_ERROR, "stype %d is invalid\n", stype);
c->ach = 0;
More information about the ffmpeg-cvslog
mailing list