ffmpeg | branch: release/2.2 | Justin Ruggles <justin.rugg...@gmail.com> | Sun Jun 22 13:19:36 2014 -0400| [46c477c2a14b04a63ab11d31003b48fab6146a96] | committer: Luca Barbato
Check mp3 header before calling avpriv_mpegaudio_decode_header(). As indicated in the function documentation, the header MUST be checked prior to calling it because no consistency check is done there. CC:libav-sta...@libav.org (cherry picked from commit f2f2e7627f0c878d13275af5d166ec5932665e28) Signed-off-by: Luca Barbato <lu_z...@gentoo.org> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=46c477c2a14b04a63ab11d31003b48fab6146a96 --- libavcodec/libmp3lame.c | 8 +++++++- libavformat/mp3enc.c | 17 ++++++++++------- 2 files changed, 17 insertions(+), 8 deletions(-) diff --git a/libavcodec/libmp3lame.c b/libavcodec/libmp3lame.c index ee76ff8..2fc080f 100644 --- a/libavcodec/libmp3lame.c +++ b/libavcodec/libmp3lame.c @@ -175,6 +175,7 @@ static int mp3lame_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, MPADecodeHeader hdr; int len, ret, ch; int lame_result; + uint32_t h; if (frame) { switch (avctx->sample_fmt) { @@ -230,7 +231,12 @@ static int mp3lame_encode_frame(AVCodecContext *avctx, AVPacket *avpkt, determine the frame size. */ if (s->buffer_index < 4) return 0; - if (avpriv_mpegaudio_decode_header(&hdr, AV_RB32(s->buffer))) { + h = AV_RB32(s->buffer); + if (ff_mpa_check_header(h) < 0) { + av_log(avctx, AV_LOG_ERROR, "Invalid mp3 header at start of buffer\n"); + return AVERROR_BUG; + } + if (avpriv_mpegaudio_decode_header(&hdr, h)) { av_log(avctx, AV_LOG_ERROR, "free format output not supported\n"); return -1; } diff --git a/libavformat/mp3enc.c b/libavformat/mp3enc.c index 9326258..476d7f7 100644 --- a/libavformat/mp3enc.c +++ b/libavformat/mp3enc.c @@ -252,13 +252,16 @@ static int mp3_write_audio_packet(AVFormatContext *s, AVPacket *pkt) if (mp3->xing_offset && pkt->size >= 4) { MPADecodeHeader c; - - avpriv_mpegaudio_decode_header(&c, AV_RB32(pkt->data)); - - if (!mp3->initial_bitrate) - mp3->initial_bitrate = c.bit_rate; - if ((c.bit_rate == 0) || (mp3->initial_bitrate != c.bit_rate)) - mp3->has_variable_bitrate = 1; + uint32_t h; + + h = AV_RB32(pkt->data); + if (ff_mpa_check_header(h) == 0) { + avpriv_mpegaudio_decode_header(&c, h); + if (!mp3->initial_bitrate) + mp3->initial_bitrate = c.bit_rate; + if ((c.bit_rate == 0) || (mp3->initial_bitrate != c.bit_rate)) + mp3->has_variable_bitrate = 1; + } mp3_xing_add_frame(mp3, pkt); } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
