Skip to content

F
ffmpeg.wasm-core
Commit 625b582d authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

avcodec/aacsbr_template: Add Check to read_sbr_envelope() 

The limit is a conservative guess, the spec does not seem to specify a limit
Reviewed-by: 's avatarAndreas Cadhalpun <andreas.cadhalpun@googlemail.com>
Signed-off-by: 's avatarMichael Niedermayer <michael@niedermayer.cc>
parent 7c1c453c
Hide whitespace changes
Inline Side-by-side
Showing with 33 additions and 8 deletions
libavcodec/aacsbr_template.c
View file @ 625b582d
...@@ -793,7 +793,7 @@ static void read_sbr_invf(SpectralBandReplication *sbr, GetBitContext *gb, ...@@ -793,7 +793,7 @@ static void read_sbr_invf(SpectralBandReplication *sbr, GetBitContext *gb,
ch_data->bs_invf_mode[0][i] = get_bits(gb, 2); ch_data->bs_invf_mode[0][i] = get_bits(gb, 2);
} }
static void read_sbr_envelope(SpectralBandReplication *sbr, GetBitContext *gb, static int read_sbr_envelope(AACContext *ac, SpectralBandReplication *sbr, GetBitContext *gb,
SBRData *ch_data, int ch) SBRData *ch_data, int ch)
{ {
int bits; int bits;
...@@ -837,29 +837,49 @@ static void read_sbr_envelope(SpectralBandReplication *sbr, GetBitContext *gb, ...@@ -837,29 +837,49 @@ static void read_sbr_envelope(SpectralBandReplication *sbr, GetBitContext *gb,
if (ch_data->bs_df_env[i]) { if (ch_data->bs_df_env[i]) {
// bs_freq_res[0] == bs_freq_res[bs_num_env] from prev frame // bs_freq_res[0] == bs_freq_res[bs_num_env] from prev frame
if (ch_data->bs_freq_res[i + 1] == ch_data->bs_freq_res[i]) { if (ch_data->bs_freq_res[i + 1] == ch_data->bs_freq_res[i]) {
for (j = 0; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) for (j = 0; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) {
ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i][j] + delta * (get_vlc2(gb, t_huff, 9, 3) - t_lav); ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i][j] + delta * (get_vlc2(gb, t_huff, 9, 3) - t_lav);
if (ch_data->env_facs_q[i + 1][j] > 127U) {
av_log(ac->avctx, AV_LOG_ERROR, "env_facs_q %d is invalid\n", ch_data->env_facs_q[i + 1][j]);
return AVERROR_INVALIDDATA;
}
}
} else if (ch_data->bs_freq_res[i + 1]) { } else if (ch_data->bs_freq_res[i + 1]) {
for (j = 0; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) { for (j = 0; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) {
k = (j + odd) >> 1; // find k such that f_tablelow[k] <= f_tablehigh[j] < f_tablelow[k + 1] k = (j + odd) >> 1; // find k such that f_tablelow[k] <= f_tablehigh[j] < f_tablelow[k + 1]
ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i][k] + delta * (get_vlc2(gb, t_huff, 9, 3) - t_lav); ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i][k] + delta * (get_vlc2(gb, t_huff, 9, 3) - t_lav);
if (ch_data->env_facs_q[i + 1][j] > 127U) {
av_log(ac->avctx, AV_LOG_ERROR, "env_facs_q %d is invalid\n", ch_data->env_facs_q[i + 1][j]);
return AVERROR_INVALIDDATA;
}
} }
} else { } else {
for (j = 0; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) { for (j = 0; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) {
k = j ? 2*j - odd : 0; // find k such that f_tablehigh[k] == f_tablelow[j] k = j ? 2*j - odd : 0; // find k such that f_tablehigh[k] == f_tablelow[j]
ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i][k] + delta * (get_vlc2(gb, t_huff, 9, 3) - t_lav); ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i][k] + delta * (get_vlc2(gb, t_huff, 9, 3) - t_lav);
if (ch_data->env_facs_q[i + 1][j] > 127U) {
av_log(ac->avctx, AV_LOG_ERROR, "env_facs_q %d is invalid\n", ch_data->env_facs_q[i + 1][j]);
return AVERROR_INVALIDDATA;
}
} }
} }
} else { } else {
ch_data->env_facs_q[i + 1][0] = delta * get_bits(gb, bits); // bs_env_start_value_balance ch_data->env_facs_q[i + 1][0] = delta * get_bits(gb, bits); // bs_env_start_value_balance
for (j = 1; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) for (j = 1; j < sbr->n[ch_data->bs_freq_res[i + 1]]; j++) {
ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i + 1][j - 1] + delta * (get_vlc2(gb, f_huff, 9, 3) - f_lav); ch_data->env_facs_q[i + 1][j] = ch_data->env_facs_q[i + 1][j - 1] + delta * (get_vlc2(gb, f_huff, 9, 3) - f_lav);
if (ch_data->env_facs_q[i + 1][j] > 127U) {
av_log(ac->avctx, AV_LOG_ERROR, "env_facs_q %d is invalid\n", ch_data->env_facs_q[i + 1][j]);
return AVERROR_INVALIDDATA;
}
}
} }
} }
//assign 0th elements of env_facs_q from last elements //assign 0th elements of env_facs_q from last elements
memcpy(ch_data->env_facs_q[0], ch_data->env_facs_q[ch_data->bs_num_env], memcpy(ch_data->env_facs_q[0], ch_data->env_facs_q[ch_data->bs_num_env],
sizeof(ch_data->env_facs_q[0])); sizeof(ch_data->env_facs_q[0]));
return 0;
} }
static int read_sbr_noise(AACContext *ac, SpectralBandReplication *sbr, GetBitContext *gb, static int read_sbr_noise(AACContext *ac, SpectralBandReplication *sbr, GetBitContext *gb,
...@@ -953,7 +973,8 @@ static int read_sbr_single_channel_element(AACContext *ac, ...@@ -953,7 +973,8 @@ static int read_sbr_single_channel_element(AACContext *ac,
return -1; return -1;
read_sbr_dtdf(sbr, gb, &sbr->data[0]); read_sbr_dtdf(sbr, gb, &sbr->data[0]);
read_sbr_invf(sbr, gb, &sbr->data[0]); read_sbr_invf(sbr, gb, &sbr->data[0]);
read_sbr_envelope(sbr, gb, &sbr->data[0], 0); if((ret = read_sbr_envelope(ac, sbr, gb, &sbr->data[0], 0)) < 0)
return ret;
if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[0], 0)) < 0) if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[0], 0)) < 0)
return ret; return ret;
...@@ -981,10 +1002,12 @@ static int read_sbr_channel_pair_element(AACContext *ac, ...@@ -981,10 +1002,12 @@ static int read_sbr_channel_pair_element(AACContext *ac,
read_sbr_invf(sbr, gb, &sbr->data[0]); read_sbr_invf(sbr, gb, &sbr->data[0]);
memcpy(sbr->data[1].bs_invf_mode[1], sbr->data[1].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0])); memcpy(sbr->data[1].bs_invf_mode[1], sbr->data[1].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0]));
memcpy(sbr->data[1].bs_invf_mode[0], sbr->data[0].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0])); memcpy(sbr->data[1].bs_invf_mode[0], sbr->data[0].bs_invf_mode[0], sizeof(sbr->data[1].bs_invf_mode[0]));
read_sbr_envelope(sbr, gb, &sbr->data[0], 0); if((ret = read_sbr_envelope(ac, sbr, gb, &sbr->data[0], 0)) < 0)
return ret;
if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[0], 0)) < 0) if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[0], 0)) < 0)
return ret; return ret;
read_sbr_envelope(sbr, gb, &sbr->data[1], 1); if((ret = read_sbr_envelope(ac, sbr, gb, &sbr->data[1], 1)) < 0)
return ret;
if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[1], 1)) < 0) if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[1], 1)) < 0)
return ret; return ret;
} else { } else {
...@@ -995,8 +1018,10 @@ static int read_sbr_channel_pair_element(AACContext *ac, ...@@ -995,8 +1018,10 @@ static int read_sbr_channel_pair_element(AACContext *ac,
read_sbr_dtdf(sbr, gb, &sbr->data[1]); read_sbr_dtdf(sbr, gb, &sbr->data[1]);
read_sbr_invf(sbr, gb, &sbr->data[0]); read_sbr_invf(sbr, gb, &sbr->data[0]);
read_sbr_invf(sbr, gb, &sbr->data[1]); read_sbr_invf(sbr, gb, &sbr->data[1]);
read_sbr_envelope(sbr, gb, &sbr->data[0], 0); if((ret = read_sbr_envelope(ac, sbr, gb, &sbr->data[0], 0)) < 0)
read_sbr_envelope(sbr, gb, &sbr->data[1], 1); return ret;
if((ret = read_sbr_envelope(ac, sbr, gb, &sbr->data[1], 1)) < 0)
return ret;
if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[0], 0)) < 0) if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[0], 0)) < 0)
return ret; return ret;
if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[1], 1)) < 0) if((ret = read_sbr_noise(ac, sbr, gb, &sbr->data[1], 1)) < 0)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment