On Sun, Jan 03, 2016 at 03:58:04PM +0100, Carl Eugen Hoyos wrote:
> Hi!
> 
> Is there still something important missing?

the code below or a change to bits_long
also there are segfaults
try with a fuzzer

diff --git a/libavcodec/dca_xll.c b/libavcodec/dca_xll.c
index 98fd4c8..60efa16 100644
--- a/libavcodec/dca_xll.c
+++ b/libavcodec/dca_xll.c
@@ -487,6 +487,11 @@ int ff_dca_xll_decode_audio(DCAContext *s, AVFrame *frame)
                         params->pancAuxABIT[i] = get_bits(gb, bits4ABIT) + 1;
                     else
                         params->pancAuxABIT[i] = 0;
+
+                    if (params->pancAuxABIT[i] > 25) {
+                        av_log(s->avctx, AV_LOG_WARNING, "XLL: pancAuxABIT too 
large\n");
+                        params->pancAuxABIT[i] = 0;
+                    }
                 }

                 for (i = 0; i < num_param_sets; i++) {
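Review bot: The limit in the added `if (params->pancAuxABIT[i] > 25)` check is an unexplained magic number, and the recovery path rewrites the parsed value to 0 and carries on decoding. Please add a comment or a named constant saying where 25 comes from (the cover text offers a change to bits_long as the alternative, so presumably it is the bit reader's width limit). Note also that 0 is the value the `else` branch just above assigns for the legitimate case, so after the reset a corrupt stream is indistinguishable from a valid one; consider failing the frame with an error instead of substituting a parameter.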
@@ -510,6 +515,10 @@ int ff_dca_xll_decode_audio(DCAContext *s, AVFrame *frame)
                     if (params->rice_code_flag[i] == 0 && params->pancABIT[i] 
> 0)
                         /* For linear code */
                         params->pancABIT[i]++;
+                    if (params->pancABIT[i] > 25 || params->pancABIT0[i] > 25) 
{
+                        av_log(AV_LOG_WARNING, "XLL: pancABIT too large\n");
+                        goto next_chset;
+                    }
                 }
             }
             for (i = 0; i < chset->channels; i++) {
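Review bot: The added `av_log(AV_LOG_WARNING, "XLL: pancABIT too large\n")` call is missing the logging context argument: the first hunk passes `s->avctx` as the first parameter, while here the level constant sits in the context slot and the format string in the level slot. It should read `av_log(s->avctx, AV_LOG_WARNING, ...)`. Separately, the check runs after the `params->pancABIT[i]++` for linear code, so the limit applies to the incremented value; a short comment confirming that this is intended, and why the same bound of 25 also applies to pancABIT0, would make the check easier to verify. The `goto next_chset` also skips the rest of the channel set with only a warning, so it is worth stating in the commit message what the caller sees for that channel set.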

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Many that live deserve death. And some that die deserve life. Can you give
it to them? Then do not be too eager to deal out death in judgement. For
even the very wise cannot see all ends. -- Gandalf

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
