Commit e048a9ca authored by Daniel Kang's avatar Daniel Kang Committed by Carl Eugen Hoyos

Do not crash for illegal sample size, fixes issue 2502.

Patch by Daniel Kang, daniel.d.kang at gmail

Originally committed as revision 26309 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent 440d761e
...@@ -292,6 +292,11 @@ static int pcm_decode_frame(AVCodecContext *avctx, ...@@ -292,6 +292,11 @@ static int pcm_decode_frame(AVCodecContext *avctx,
/* we process 40-bit blocks per channel for LXF */ /* we process 40-bit blocks per channel for LXF */
sample_size = 5; sample_size = 5;
if (sample_size == 0) {
av_log(avctx, AV_LOG_ERROR, "Invalid sample_size\n");
return AVERROR(EINVAL);
}
n = avctx->channels * sample_size; n = avctx->channels * sample_size;
if(n && buf_size % n){ if(n && buf_size % n){
......
...@@ -68,7 +68,7 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size) ...@@ -68,7 +68,7 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size)
AVCodecContext *dec = st->codec; AVCodecContext *dec = st->codec;
ByteIOContext *pb = s->pb; ByteIOContext *pb = s->pb;
VocType type; VocType type;
int size; int size, tmp_codec;
int sample_rate = 0; int sample_rate = 0;
int channels = 1; int channels = 1;
...@@ -90,7 +90,11 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size) ...@@ -90,7 +90,11 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size)
if (sample_rate) if (sample_rate)
dec->sample_rate = sample_rate; dec->sample_rate = sample_rate;
dec->channels = channels; dec->channels = channels;
dec->codec_id = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb)); tmp_codec = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb));
if (dec->codec_id == CODEC_ID_NONE)
dec->codec_id = tmp_codec;
else if (dec->codec_id != tmp_codec)
av_log(s, AV_LOG_WARNING, "Ignoring mid-stream change in audio codec\n");
dec->bits_per_coded_sample = av_get_bits_per_sample(dec->codec_id); dec->bits_per_coded_sample = av_get_bits_per_sample(dec->codec_id);
voc->remaining_size -= 2; voc->remaining_size -= 2;
max_size -= 2; max_size -= 2;
...@@ -113,7 +117,11 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size) ...@@ -113,7 +117,11 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size)
dec->sample_rate = get_le32(pb); dec->sample_rate = get_le32(pb);
dec->bits_per_coded_sample = get_byte(pb); dec->bits_per_coded_sample = get_byte(pb);
dec->channels = get_byte(pb); dec->channels = get_byte(pb);
dec->codec_id = ff_codec_get_id(ff_voc_codec_tags, get_le16(pb)); tmp_codec = ff_codec_get_id(ff_voc_codec_tags, get_byte(pb));
if (dec->codec_id == CODEC_ID_NONE)
dec->codec_id = tmp_codec;
else if (dec->codec_id != tmp_codec)
av_log(s, AV_LOG_WARNING, "Ignoring mid-stream change in audio codec\n");
url_fskip(pb, 4); url_fskip(pb, 4);
voc->remaining_size -= 12; voc->remaining_size -= 12;
max_size -= 12; max_size -= 12;
...@@ -125,6 +133,10 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size) ...@@ -125,6 +133,10 @@ voc_get_packet(AVFormatContext *s, AVPacket *pkt, AVStream *st, int max_size)
voc->remaining_size = 0; voc->remaining_size = 0;
break; break;
} }
if (dec->codec_id == CODEC_ID_NONE) {
av_log(s, AV_LOG_ERROR, "Invalid codec_id\n");
if (s->audio_codec_id == CODEC_ID_NONE) return AVERROR(EINVAL);
}
} }
dec->bit_rate = dec->sample_rate * dec->bits_per_coded_sample; dec->bit_rate = dec->sample_rate * dec->bits_per_coded_sample;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment