Better fix attached.
From 8d0a8dee32c2d51c6bf1bcd58e5e96ba92e6341b Mon Sep 17 00:00:00 2001
From: Paul B Mahol <one...@gmail.com>
Date: Tue, 23 Aug 2022 22:39:41 +0200
Subject: [PATCH] avcodec/wavpack: fix regression in decoding
Regression introduced in c6831e2a70f734c71f483d69d46d0635963530.
Fix it by using bitreader that reads 0-32 bits, instead of
0-25 bits and asserting on anything higher.
Signed-off-by: Paul B Mahol <one...@gmail.com>
---
libavcodec/wavpack.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index c12e1d6ec6..a09ce00fe2 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -119,7 +119,7 @@ typedef struct WavpackContext {
#define LEVEL_DECAY(a) (((a) + 0x80) >> 8)
-static av_always_inline unsigned get_tail(GetBitContext *gb, int k)
+static av_always_inline unsigned get_tail(GetBitContext *gb, unsigned k)
{
int p, e, res;
@@ -127,7 +127,7 @@ static av_always_inline unsigned get_tail(GetBitContext *gb, int k)
return 0;
p = av_log2(k);
e = (1 << (p + 1)) - k - 1;
- res = get_bitsz(gb, p);
+ res = get_bits_long(gb, p);
if (res >= e)
res = (res << 1) - e + get_bits1(gb);
return res;
@@ -266,10 +266,6 @@ static int wv_get_value(WavpackFrameContext *ctx, GetBitContext *gb,
INC_MED(2);
}
if (!c->error_limit) {
- if (add >= 0x2000000U) {
- av_log(ctx->avctx, AV_LOG_ERROR, "k %d is too large\n", add);
- goto error;
- }
ret = base + get_tail(gb, add);
if (get_bits_left(gb) <= 0)
goto error;
--
2.37.2
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
