ffmpeg | branch: release/2.5 | Andreas Cadhalpun <andreas.cadhal...@googlemail.com> | Sat Apr 18 20:09:28 2015 +0200| [faac8e43315dae5818816bcebe52d11777b064b2] | committer: Michael Niedermayer
alsdec: validate time diff index If begin is smaller than t, the subtraction 'begin -= t' wraps around, because begin is unsigned. The same applies for end < t. This causes segmentation faults. Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit faf9fe2c224ea81a98afd53e2f0be0a2e13aeca9) Signed-off-by: Michael Niedermayer <michae...@gmx.at> > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=faac8e43315dae5818816bcebe52d11777b064b2 --- libavcodec/alsdec.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index 8a8bff1..0a6be7b 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -1290,8 +1290,16 @@ static int revert_channel_correlation(ALSDecContext *ctx, ALSBlockData *bd, if (ch[dep].time_diff_sign) { t = -t; + if (t > 0 && begin < t) { + av_log(ctx->avctx, AV_LOG_ERROR, "begin %u smaller than time diff index %d.\n", begin, t); + return AVERROR_INVALIDDATA; + } begin -= t; } else { + if (t > 0 && end < t) { + av_log(ctx->avctx, AV_LOG_ERROR, "end %u smaller than time diff index %d.\n", end, t); + return AVERROR_INVALIDDATA; + } end -= t; } _______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
