proresdec: Fix read via negative index in a global array.

[ffmpeg] / libavcodec / adxdec.c

diff --git a/libavcodec/adxdec.c b/libavcodec/adxdec.c
index cf494c12d4d8cc3e097b7cb9173a4da40cff4029..ec4b1041af080dfa2f953c932e92a7d39047e54d 100644 (file)
--- a/libavcodec/adxdec.c
+++ b/libavcodec/adxdec.c
@@ -45,7 +45,8 @@ static av_cold int adx_decode_init(AVCodecContext *avctx)
             av_log(avctx, AV_LOG_ERROR, "error parsing ADX header\n");
             return AVERROR_INVALIDDATA;
         }
-        c->channels = avctx->channels;
+        c->channels      = avctx->channels;
+        c->header_parsed = 1;
     }
 
     avctx->sample_fmt = AV_SAMPLE_FMT_S16;
@@ -106,21 +107,21 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data,
         return buf_size;
     }
 
-    if(AV_RB16(buf) == 0x8000){
+    if (!c->header_parsed && buf_size >= 2 && AV_RB16(buf) == 0x8000) {
         int header_size;
-        if ((ret = avpriv_adx_decode_header(avctx, buf,
-                                            buf_size, &header_size,
+        if ((ret = avpriv_adx_decode_header(avctx, buf, buf_size, &header_size,
                                             c->coeff)) < 0) {
             av_log(avctx, AV_LOG_ERROR, "error parsing ADX header\n");
             return AVERROR_INVALIDDATA;
         }
-        c->channels = avctx->channels;
-        if(buf_size < header_size)
+        c->channels      = avctx->channels;
+        c->header_parsed = 1;
+        if (buf_size < header_size)
             return AVERROR_INVALIDDATA;
-        buf += header_size;
+        buf      += header_size;
         buf_size -= header_size;
     }
-    if(c->channels <= 0)
+    if (!c->header_parsed)
         return AVERROR_INVALIDDATA;
 
     /* calculate number of blocks in the packet */
@@ -164,6 +165,13 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data,
     return buf - avpkt->data;
 }
 
+static void adx_decode_flush(AVCodecContext *avctx)
+{
+    ADXContext *c = avctx->priv_data;
+    memset(c->prev, 0, sizeof(c->prev));
+    c->eof = 0;
+}
+
 AVCodec ff_adpcm_adx_decoder = {
     .name           = "adpcm_adx",
     .type           = AVMEDIA_TYPE_AUDIO,
@@ -171,6 +179,7 @@ AVCodec ff_adpcm_adx_decoder = {
     .priv_data_size = sizeof(ADXContext),
     .init           = adx_decode_init,
     .decode         = adx_decode_frame,
+    .flush          = adx_decode_flush,
     .capabilities   = CODEC_CAP_DR1,
     .long_name      = NULL_IF_CONFIG_SMALL("SEGA CRI ADX ADPCM"),
 };