skip_bits(&gb, 3);//sample rate
c->maxbands = get_bits(&gb, 5) + 1;
+ if (c->maxbands >= BANDS)
+ return AVERROR_INVALIDDATA;
channels = get_bits(&gb, 4) + 1;
if (channels > 2) {
av_log_missing_feature(avctx, "Multichannel MPC SV8", 1);
GetBitContext gb2, *gb = &gb2;
int i, j, k, ch, cnt, res, t;
Band *bands = c->bands;
- int off;
+ int off, out_size;
int maxband, keyframe;
int last[2];
+ out_size = MPC_FRAME_SIZE * 2 * avctx->channels;
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
keyframe = c->cur_frame == 0;
if(keyframe){
maxband = c->last_max_band + get_vlc2(gb, band_vlc.table, MPC8_BANDS_BITS, 2);
if(maxband > 32) maxband -= 33;
}
+ if(maxband > c->maxbands)
+ return AVERROR_INVALIDDATA;
c->last_max_band = maxband;
/* read subband indexes */
c->last_bits_used = get_bits_count(gb);
if(c->cur_frame >= c->frames)
c->cur_frame = 0;
- *data_size = MPC_FRAME_SIZE * 2 * avctx->channels;
+ *data_size = out_size;
return c->cur_frame ? c->last_bits_used >> 3 : buf_size;
}
AVCodec ff_mpc8_decoder = {
- "mpc8",
- AVMEDIA_TYPE_AUDIO,
- CODEC_ID_MUSEPACK8,
- sizeof(MPCContext),
- mpc8_decode_init,
- NULL,
- NULL,
- mpc8_decode_frame,
+ .name = "mpc8",
+ .type = AVMEDIA_TYPE_AUDIO,
+ .id = CODEC_ID_MUSEPACK8,
+ .priv_data_size = sizeof(MPCContext),
+ .init = mpc8_decode_init,
+ .decode = mpc8_decode_frame,
.long_name = NULL_IF_CONFIG_SMALL("Musepack SV8"),
};
projects / ffmpeg / blobdiff