[FFmpeg-cvslog] alsdec: check sample pointer range in revert_channel_correlation
Andreas Cadhalpun
git at videolan.org
Wed May 6 17:26:13 CEST 2015
ffmpeg | branch: release/2.2 | Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com> | Tue Apr 21 19:28:30 2015 +0200| [d36d3ae02ca7d535de2b26fa0b3ab44387d19b6a] | committer: Anton Khirnov
alsdec: check sample pointer range in revert_channel_correlation
Also change the type of begin, end and smp to ptrdiff_t to make the
comparison well-defined.
CC: libav-stable at libav.org
Signed-off-by: Andreas Cadhalpun <Andreas.Cadhalpun at googlemail.com>
Signed-off-by: Anton Khirnov <anton at khirnov.net>
(cherry picked from commit 94bb1ce882a12b6d7a1fa32715a68121b39ee838)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
(cherry picked from commit 41a89cba6086de2bd24f9ec7e21200fa162505e9)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d36d3ae02ca7d535de2b26fa0b3ab44387d19b6a
---
libavcodec/alsdec.c | 26 +++++++++++++++++++++++---
1 file changed, 23 insertions(+), 3 deletions(-)
diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c
index 31636df..6b0eb22 100644
--- a/libavcodec/alsdec.c
+++ b/libavcodec/alsdec.c
@@ -1219,6 +1219,7 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
ALSChannelData *ch = cd[c];
unsigned int dep = 0;
unsigned int channels = ctx->avctx->channels;
+ unsigned int channel_size = ctx->sconf.frame_length + ctx->sconf.max_order;
if (reverted[c])
return 0;
@@ -1250,9 +1251,9 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
dep = 0;
while (!ch[dep].stop_flag) {
- unsigned int smp;
- unsigned int begin = 1;
- unsigned int end = bd->block_length - 1;
+ ptrdiff_t smp;
+ ptrdiff_t begin = 1;
+ ptrdiff_t end = bd->block_length - 1;
int64_t y;
int32_t *master = ctx->raw_samples[ch[dep].master_channel] + offset;
@@ -1266,6 +1267,15 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
end -= t;
}
+ if (FFMIN(begin - 1, begin - 1 + t) < ctx->raw_buffer - master ||
+ FFMAX(end + 1, end + 1 + t) > ctx->raw_buffer + channels * channel_size - master) {
+ av_log(ctx->avctx, AV_LOG_ERROR,
+ "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n",
+ master + FFMIN(begin - 1, begin - 1 + t), master + FFMAX(end + 1, end + 1 + t),
+ ctx->raw_buffer, ctx->raw_buffer + channels * channel_size);
+ return AVERROR_INVALIDDATA;
+ }
+
for (smp = begin; smp < end; smp++) {
y = (1 << 6) +
MUL64(ch[dep].weighting[0], master[smp - 1 ]) +
@@ -1278,6 +1288,16 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd,
bd->raw_samples[smp] += y >> 7;
}
} else {
+
+ if (begin - 1 < ctx->raw_buffer - master ||
+ end + 1 > ctx->raw_buffer + channels * channel_size - master) {
+ av_log(ctx->avctx, AV_LOG_ERROR,
+ "sample pointer range [%p, %p] not contained in raw_buffer [%p, %p].\n",
+ master + begin - 1, master + end + 1,
+ ctx->raw_buffer, ctx->raw_buffer + channels * channel_size);
+ return AVERROR_INVALIDDATA;
+ }
+
for (smp = begin; smp < end; smp++) {
y = (1 << 6) +
MUL64(ch[dep].weighting[0], master[smp - 1]) +
More information about the ffmpeg-cvslog
mailing list