ffmpeg | branch: release/2.4 | Michael Niedermayer <michae...@gmx.at> | Fri May 15 18:04:12 2015 +0200| [0719b1849c9f495a6a51c12b22106f5424693487] | committer: Michael Niedermayer
avcodec/dcadec: Check scale table index Fixes CID1297594 part 1 Signed-off-by: Michael Niedermayer <michae...@gmx.at> (cherry picked from commit 0f3e6959bfa67d12cd5a173b86eb15abd7d9e4d5) Conflicts: libavcodec/dcadec.c > http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=0719b1849c9f495a6a51c12b22106f5424693487
---
 libavcodec/dcadec.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
diff --git a/libavcodec/dcadec.c b/libavcodec/dcadec.c
index a32b17b..cf41246 100644
--- a/libavcodec/dcadec.c
+++ b/libavcodec/dcadec.c
@@ -1865,23 +1865,34 @@ static int dca_xbr_parse_frame(DCAContext *s)
 for(i = 0; i < n_xbr_ch[chset]; i++) {
 const uint32_t *scale_table;
 int nbits;
+ int scale_table_size;
 if (s->scalefactor_huffman[chan_base+i] == 6) {
 scale_table = scale_factor_quant7;
+ scale_table_size = FF_ARRAY_ELEMS(scale_factor_quant7);
 } else {
 scale_table = scale_factor_quant6;
+ scale_table_size = FF_ARRAY_ELEMS(scale_factor_quant6);
 }
 nbits = anctemp[i];
 for(j = 0; j < active_bands[chset][i]; j++) {
 if(abits_high[i][j] > 0) {
- scale_table_high[i][j][0] =
- scale_table[get_bits(&s->gb, nbits)];
+ int index = get_bits(&s->gb, nbits);
+ if (index >= scale_table_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "scale table index %d invalid\n", index);
+ return AVERROR_INVALIDDATA;
+ }
+ scale_table_high[i][j][0] = scale_table[index];
 if(xbr_tmode && s->transition_mode[i][j]) {
- scale_table_high[i][j][1] =
- scale_table[get_bits(&s->gb, nbits)];
+ int index = get_bits(&s->gb, nbits);
+ if (index >= scale_table_size) {
+ av_log(s->avctx, AV_LOG_ERROR, "scale table index %d invalid\n", index);
+ return AVERROR_INVALIDDATA;
+ }
+ scale_table_high[i][j][1] = scale_table[index];
 }
 }
 }
_______________________________________________ ffmpeg-cvslog mailing list ffmpeg-cvslog@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog
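Review bot: The second `int index` inside the `if(xbr_tmode && s->transition_mode[i][j])` block shadows the `index` declared just above it in the enclosing `if(abits_high[i][j] > 0)` block, and the five-line read-and-check sequence is duplicated verbatim. Reusing the outer variable in the inner block, `index = get_bits(&s->gb, nbits);`, removes the shadowing and keeps a single variable tied to the bounds check. The upper-bound test is sufficient only while `index` cannot be negative, which depends on `nbits = anctemp[i]` staying within the width get_bits() accepts; that validation, if present, is outside the hunk, so a short comment such as `/* nbits validated above; index is non-negative */` would document the assumption. dca_xbr_parse_frame starts and ends outside the hunk.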