]> git.sesse.net Git - ffmpeg/blobdiff - libavcodec/shorten.c
projects / ffmpeg / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge commit '708e84cda1bdbffb92847f3d6ccf6fbeb26d9948'
[ffmpeg] / libavcodec / shorten.c
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 90569bdb1feeebbeddaa3f2a30517efb3a92a9ce..49af6beec6af66ac756fd74e043d7a14d28452ed 100644 (file)
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -160,8 +160,11 @@ static int allocate_buffers(ShortenContext *s)
 
 static inline unsigned int get_uint(ShortenContext *s, int k)
 {
-    if (s->version != 0)
+    if (s->version != 0) {
         k = get_ur_golomb_shorten(&s->gb, ULONGSIZE);
+        if (k > 31U)
+            return AVERROR_INVALIDDATA;
+    }
     return get_ur_golomb_shorten(&s->gb, k);
 }
 
@@ -442,6 +445,10 @@ static int read_header(ShortenContext *s)
         s->blocksize = blocksize;
 
         maxnlpc  = get_uint(s, LPCQSIZE);
+        if (maxnlpc > 1024U) {
+            av_log(s->avctx, AV_LOG_ERROR, "maxnlpc is: %d\n", maxnlpc);
+            return AVERROR_INVALIDDATA;
+        }
         s->nmean = get_uint(s, 0);
 
         skip_bytes = get_uint(s, NSKIPSIZE);
@@ -455,12 +462,6 @@ static int read_header(ShortenContext *s)
     }
     s->nwrap = FFMAX(NWRAP, maxnlpc);
 
-    if ((ret = allocate_buffers(s)) < 0)
-        return ret;
-
-    if ((ret = init_offset(s)) < 0)
-        return ret;
-
     if (s->version > 1)
         s->lpcqoffset = V2LPCQOFFSET;
 
@@ -497,6 +498,13 @@ static int read_header(ShortenContext *s)
     }
 
 end:
+
+    if ((ret = allocate_buffers(s)) < 0)
+        return ret;
+
+    if ((ret = init_offset(s)) < 0)
+        return ret;
+
     s->cur_chan = 0;
     s->bitshift = 0;
 
@@ -658,6 +666,10 @@ static int shorten_decode_frame(AVCodecContext *avctx, void *data,
                  * of get_sr_golomb_shorten(). */
                 if (s->version == 0)
                     residual_size--;
+                if (residual_size > 30U) {
+                    av_log(avctx, AV_LOG_ERROR, "residual size unsupportd: %d\n", residual_size);
+                    return AVERROR_INVALIDDATA;
+                }
             }
 
             /* calculate sample offset using means from previous blocks */
Unnamed repository; edit this file 'description' to name the repository.