Commit ce7aee9b authored by Alex Converse's avatar Alex Converse

dpcm: ignore extra unpaired bytes in stereo streams.

Fixes: CVE-2011-3951

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
parent 3e13005c
...@@ -183,6 +183,11 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data, ...@@ -183,6 +183,11 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data,
int stereo = s->channels - 1; int stereo = s->channels - 1;
int16_t *output_samples; int16_t *output_samples;
if (stereo && (buf_size & 1)) {
buf_size--;
buf_end--;
}
/* calculate output size */ /* calculate output size */
switch(avctx->codec->id) { switch(avctx->codec->id) {
case CODEC_ID_ROQ_DPCM: case CODEC_ID_ROQ_DPCM:
...@@ -317,7 +322,7 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data, ...@@ -317,7 +322,7 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data,
*got_frame_ptr = 1; *got_frame_ptr = 1;
*(AVFrame *)data = s->frame; *(AVFrame *)data = s->frame;
return buf_size; return avpkt->size;
} }
#define DPCM_DECODER(id_, name_, long_name_) \ #define DPCM_DECODER(id_, name_, long_name_) \
......
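Review bot: The added parity guard `if (stereo && (buf_size & 1))` in the first hunk has no comment explaining why the trailing byte is dropped, so a later cleanup could remove it without realising it is the CVE-2011-3951 fix. I would put `/* stereo input is consumed in pairs; ignore a trailing unpaired byte (CVE-2011-3951) */` directly above it. A one-byte stereo packet now reaches the output-size switch with `buf_size == 0`, and whether the code after that switch rejects a zero or negative output size is not visible here, so that path is worth confirming. Returning `avpkt->size` in the second hunk reports the whole packet as consumed, dropped byte included, which looks intended but would also benefit from a short comment. dpcm_decode_frame starts and ends outside both hunks.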