ffmpeg | branch: release/1.0 | Michael Niedermayer <michae...@gmx.at> | Fri Jan 11 00:54:12 2013 +0100| [0916d0f9d1b94b4bb88382edae45b9276746574d] | committer: Michael Niedermayer
vorbisdec: Check bark_map_size. This fixes potential divisions by zero and out of array accesses. Reported-by: Dale Curtis <dalecur...@chromium.org> Found-by: infe...@chromium.org Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit 2c16bf2de07c68513072bf3cc96401d2c6291a3e) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0916d0f9d1b94b4bb88382edae45b9276746574d --- libavcodec/vorbisdec.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/libavcodec/vorbisdec.c b/libavcodec/vorbisdec.c index 8ce0fc7..0ea73d5 100644 --- a/libavcodec/vorbisdec.c +++ b/libavcodec/vorbisdec.c @@ -599,6 +599,10 @@ static int vorbis_parse_setup_hdr_floors(vorbis_context *vc) "Floor 0 amplitude bits is 0.\n"); return AVERROR_INVALIDDATA; } + if (floor_setup->data.t0.bark_map_size == 0) { + av_log(vc->avccontext, AV_LOG_ERROR, "Floor 0 bark map size is 0.\n"); + return AVERROR_INVALIDDATA; + } floor_setup->data.t0.amplitude_offset = get_bits(gb, 8); floor_setup->data.t0.num_books = get_bits(gb, 4) + 1; _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
