[FFmpeg-cvslog] avcodec/flacdec: check rice_order against blocksize

Michael Niedermayer git at videolan.org
Tue Jan 7 14:15:29 CET 2014


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Tue Jan  7 13:57:47 2014 +0100| [8ca9a68f1905ff871690be38348d62a25aef2a8f] | committer: Michael Niedermayer

avcodec/flacdec: check rice_order against blocksize

Fixes use of uninitialized memory
Fixes: msan_uninit-mem_7f6e13c220d0_8489_short.flac
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8ca9a68f1905ff871690be38348d62a25aef2a8f
---

 libavcodec/flacdec.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/libavcodec/flacdec.c b/libavcodec/flacdec.c
index 596b24d..f63a918 100644
--- a/libavcodec/flacdec.c
+++ b/libavcodec/flacdec.c
@@ -221,6 +221,12 @@ static int decode_residuals(FLACContext *s, int32_t *decoded, int pred_order)
     rice_order = get_bits(&s->gb, 4);
 
     samples= s->blocksize >> rice_order;
+    if (samples << rice_order != s->blocksize) {
+        av_log(s->avctx, AV_LOG_ERROR, "invalid rice order: %i blocksize %i\n",
+               rice_order, s->blocksize);
+        return AVERROR_INVALIDDATA;
+    }
+
     if (pred_order > samples) {
         av_log(s->avctx, AV_LOG_ERROR, "invalid predictor order: %i > %i\n",
                pred_order, samples);



More information about the ffmpeg-cvslog mailing list