mp3dec: Fix possibly exploitable crash

I was sadly unable to find a non fuzzed mp3 that uses the feature that contained the bug (and i searched hard ...), thus while this fixes the security issue. It may or may not fix mixed blocks in 8khz mp3s, i cant say due to lack of samples to test. Security issue exists since: b37d945dReported-by: Dale Curtis <dalecurtis@google.com> (Probably) Found-by: inferno@chromium.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

mp3dec: Fix possibly exploitable crash
I was sadly unable to find a non fuzzed mp3 that uses the feature that contained the bug (and i searched hard ...), thus while this fixes the security issue. It may or may not fix mixed blocks in 8khz mp3s, i cant say due to lack of samples to test. Security issue exists since: b37d945dReported-by: Dale Curtis <dalecurtis@google.com> (Probably) Found-by: inferno@chromium.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
94041feb · Michael Niedermayer · 13f0cd68 · 94041feb
Commit 94041feb authored Sep 27, 2012 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

mpegaudiodec.c libavcodec/mpegaudiodec.c +1 -1

No files found.
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -213,7 +213,7 @@ static void ff_compute_band_indexes(MPADecodeContext *s, GranuleDef *g)
            else
                g->long_end = 6;

-            g->short_start = 2 + (s->sample_rate_index != 8);
+            g->short_start = 3;
        } else {
            g->long_end    = 0;
            g->short_start = 0;