[FFmpeg-devel] [PATCH] cook: check that category is smaller than 8
Benjamin Larsson
benjamin at southpole.se
Sat Mar 3 16:36:24 CET 2012
On 03/01/2012 07:05 PM, Michael Niedermayer wrote:
> This fixes some out of global array accesses.
> I do not know if such category values are invalid or mean
> something that we do not support.
>
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> Signed-off-by: Michael Niedermayer<michaelni at gmx.at>
> ---
> libavcodec/cook.c | 8 +++++++-
> 1 files changed, 7 insertions(+), 1 deletions(-)
>
> diff --git a/libavcodec/cook.c b/libavcodec/cook.c
> index 4e3c920..c9b2cd4 100644
> --- a/libavcodec/cook.c
> +++ b/libavcodec/cook.c
> @@ -647,7 +647,7 @@ static int mono_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer)
> int category_index[128];
> int quant_index_table[102];
> int category[128];
> - int ret;
> + int ret, i;
>
> memset(&category, 0, sizeof(category));
> memset(&category_index, 0, sizeof(category_index));
> @@ -657,6 +657,12 @@ static int mono_decode(COOKContext *q, COOKSubpacket *p, float *mlt_buffer)
> q->num_vectors = get_bits(&q->gb, p->log2_numvector_size);
> categorize(q, p, quant_index_table, category, category_index);
> expand_category(q, category, category_index);
> + for (i=0; i<p->total_subbands; i++) {
> + if (category[i]> 7) {
> + av_log_ask_for_sample(q->avctx, "category greater than 7\n");
Remove this and use a proper return define.
> + return -1;
> + }
> + }
> decode_vectors(q, p, category, quant_index_table, mlt_buffer);
>
> return 0;
MvH
Benjamin Larsson
More information about the ffmpeg-devel
mailing list