[FFmpeg-cvslog] avcodec/snow: check coeffs for validity

Michael Niedermayer git at videolan.org
Fri Oct 3 03:47:44 CEST 2014


ffmpeg | branch: release/2.3 | Michael Niedermayer <michaelni at gmx.at> | Sat Aug 30 02:12:10 2014 +0200| [e13e928baa6b92ca3e967651550b11dc0bfaad27] | committer: Michael Niedermayer

avcodec/snow: check coeffs for validity

Fixes deadlock
Fixes integer overflow
Fixes Ticket 3892

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 596636a474ab201badaae269f3a2cef4824b8c1f)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e13e928baa6b92ca3e967651550b11dc0bfaad27
---

 libavcodec/snow.h |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/libavcodec/snow.h b/libavcodec/snow.h
index 2cda5b3..b890d3f 100644
--- a/libavcodec/snow.h
+++ b/libavcodec/snow.h
@@ -659,7 +659,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i
                 if(v){
                     v= 2*(get_symbol2(&s->c, b->state[context + 2], context-4) + 1);
                     v+=get_rac(&s->c, &b->state[0][16 + 1 + 3 + ff_quant3bA[l&0xFF] + 3*ff_quant3bA[t&0xFF]]);
-
+                    if ((uint16_t)v != v) {
+                        av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n");
+                        v = 1;
+                    }
                     xc->x=x;
                     (xc++)->coeff= v;
                 }
@@ -669,6 +672,10 @@ static inline void unpack_coeffs(SnowContext *s, SubBand *b, SubBand * parent, i
                     else           run= INT_MAX;
                     v= 2*(get_symbol2(&s->c, b->state[0 + 2], 0-4) + 1);
                     v+=get_rac(&s->c, &b->state[0][16 + 1 + 3]);
+                    if ((uint16_t)v != v) {
+                        av_log(s->avctx, AV_LOG_ERROR, "Coefficient damaged\n");
+                        v = 1;
+                    }
 
                     xc->x=x;
                     (xc++)->coeff= v;



More information about the ffmpeg-cvslog mailing list