[FFmpeg-devel] [PATCH] cook: check that category is smaller than 8

Benjamin Larsson benjamin at southpole.se
Sat Mar 3 16:36:24 CET 2012


On 03/01/2012 07:05 PM, Michael Niedermayer wrote:
> This fixes some out of global array accesses.
> I do not know if such category values are invalid or mean
> something that we do not support.
>
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer<michaelni at gmx.at>
> ---
>   libavcodec/cook.c |    8 +++++++-
>   1 files changed, 7 insertions(+), 1 deletions(-)
>
> diff --git a/libavcodec/cook.c b/libavcodec/cook.c
> index 4e3c920..c9b2cd4 100644
> --- a/libavcodec/cook.c
> +++ b/libavcodec/cook.c
> @@ -647,7 +647,7 @@ static int mono_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer)
>       int category_index[128];
>       int quant_index_table[102];
>       int category[128];
> -    int ret;
> +    int ret, i;
>
>       memset(&category,       0, sizeof(category));
>       memset(&category_index, 0, sizeof(category_index));
> @@ -657,6 +657,12 @@ static int mono_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer)
>       q->num_vectors = get_bits(&q->gb, p->log2_numvector_size);
>       categorize(q, p, quant_index_table, category, category_index);
>       expand_category(q, category, category_index);
> +    for (i=0; i<p->total_subbands; i++) {
> +        if (category[i]>  7) {
> +            av_log_ask_for_sample(q->avctx, "category greater than 7\n");

Remove this and use a proper return define.

> +            return -1;
> +        }
> +    }
>       decode_vectors(q, p, category, quant_index_table, mlt_buffer);
>
>       return 0;
MvH
Benjamin Larsson


More information about the ffmpeg-devel mailing list