[FFmpeg-devel] [PATCH 7/7] atrac3plus: Prevent array out-of-bounds

Timothy Gu timothygu99 at gmail.com
Fri Feb 6 08:06:45 CET 2015


(num_quant_units - 1) is later used as an index to atrac3p_qu_to_subband,
which only has 32 elements (i.e. maximum of num_quant_units is 32).
---
 libavcodec/atrac3plus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libavcodec/atrac3plus.c b/libavcodec/atrac3plus.c
index 575a493..b215b02 100644
--- a/libavcodec/atrac3plus.c
+++ b/libavcodec/atrac3plus.c
@@ -1768,7 +1768,7 @@ int ff_atrac3p_decode_channel_unit(GetBitContext *gb, Atrac3pChanUnitCtx *ctx,
 
     /* parse sound header */
     ctx->num_quant_units = get_bits(gb, 5) + 1;
-    if (ctx->num_quant_units > 28 && ctx->num_quant_units < 32) {
+    if (ctx->num_quant_units > 28 && ctx->num_quant_units != 32) {
         av_log(avctx, AV_LOG_ERROR,
                "Invalid number of quantization units: %d!\n",
                ctx->num_quant_units);
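Review bot: The changed condition rejects exactly the same values as the old one, because `ctx->num_quant_units = get_bits(gb, 5) + 1;` two lines above it can only produce 1 to 32. With that range, both `< 32` and `!= 32` reject 29, 30 and 31 and accept 32, so (num_quant_units - 1) was already bounded to 31 by the 5-bit read and no out-of-bounds index is closed here. If the goal is to keep the check correct should the field width ever change, the commit message should describe it as hardening rather than a fix, and a short comment next to the condition naming the 32-entry atrac3p_qu_to_subband table would document the invariant.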
-- 
1.9.1


