Skip to content

F
ffmpeg
Commit d0f79271 authored by Michael Niedermayer's avatar Michael Niedermayer
Browse files
Options

smacker: Check for overread in smka_decode_frame() 

Fixes a segfault with wetlog_fail.smk
Bug found by: Shitiz Garg
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent ffa1f541
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 0 deletions
libavcodec/smacker.c
View file @ d0f79271
...@@ -663,6 +663,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, ...@@ -663,6 +663,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
for(i = 0; i <= stereo; i++) for(i = 0; i <= stereo; i++)
*samples++ = pred[i]; *samples++ = pred[i];
for(; i < unp_size / 2; i++) { for(; i < unp_size / 2; i++) {
if(get_bits_left(&gb)<0)
return -1;
if(i & stereo) { if(i & stereo) {
if(vlc[2].table) if(vlc[2].table)
res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3); res = get_vlc2(&gb, vlc[2].table, SMKTREE_BITS, 3);
...@@ -697,6 +699,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, ...@@ -697,6 +699,8 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
for(i = 0; i <= stereo; i++) for(i = 0; i <= stereo; i++)
*samples8++ = pred[i]; *samples8++ = pred[i];
for(; i < unp_size; i++) { for(; i < unp_size; i++) {
if(get_bits_left(&gb)<0)
return -1;
if(i & stereo){ if(i & stereo){
if(vlc[1].table) if(vlc[1].table)
res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3); res = get_vlc2(&gb, vlc[1].table, SMKTREE_BITS, 3);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment