* WavPack lossless audio decoder
* Copyright (c) 2006,2011 Konstantin Shishkov
*
- * This file is part of Libav.
+ * This file is part of FFmpeg.
*
- * Libav is free software; you can redistribute it and/or
+ * FFmpeg is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
- * Libav is distributed in the hope that it will be useful,
+ * FFmpeg is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
- * License along with Libav; if not, write to the Free Software
+ * License along with FFmpeg; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#define WV_FLT_ZERO_SENT 0x08
#define WV_FLT_ZERO_SIGN 0x10
+#define WV_MAX_SAMPLES 131072
+
enum WP_ID_Flags {
WP_IDF_MASK = 0x1F,
WP_IDF_IGNORE = 0x20,
INC_MED(2);
}
if (!c->error_limit) {
+ if (add >= 0x2000000U) {
+ av_log(ctx->avctx, AV_LOG_ERROR, "k %d is too large\n", add);
+ goto error;
+ }
ret = base + get_tail(gb, add);
if (get_bits_left(gb) <= 0)
goto error;
return AVERROR_INVALIDDATA;
}
+ if (wc->ch_offset >= avctx->channels) {
+ av_log(avctx, AV_LOG_ERROR, "too many channels\n");
+ return -1;
+ }
+
memset(s->decorr, 0, MAX_TERMS * sizeof(Decorr));
memset(s->ch, 0, sizeof(s->ch));
s->extra_bits = 0;
*got_frame_ptr = 0;
return 0;
}
+ if (s->samples > wc->samples) {
+ av_log(avctx, AV_LOG_ERROR, "too many samples in block");
+ return -1;
+ }
} else {
s->samples = wc->samples;
}
continue;
}
t = 0;
- for (i = s->terms - 1; (i >= 0) && (t < size); i--) {
+ for (i = s->terms - 1; (i >= 0) && (t < size) && buf <= buf_end; i--) {
if (s->decorr[i].value > 8) {
s->decorr[i].samplesA[0] = wp_exp2(AV_RL16(buf));
buf += 2;
buf += 2;
t += 4;
} else {
- for (j = 0; j < s->decorr[i].value; j++) {
+ for (j = 0; j < s->decorr[i].value && buf+1<buf_end; j++) {
s->decorr[i].samplesA[j] = wp_exp2(AV_RL16(buf));
buf += 2;
if (s->stereo_in) {
frame_flags = AV_RL32(buf + 4);
}
}
- if (s->samples <= 0) {
+ if (s->samples <= 0 || s->samples > WV_MAX_SAMPLES) {
av_log(avctx, AV_LOG_ERROR, "Invalid number of samples: %d\n",
s->samples);
return AVERROR_INVALIDDATA;
}
/* get output buffer */
- frame->nb_samples = s->samples;
- if ((ret = ff_get_buffer(avctx, frame, 0)) < 0) {
- av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
+ frame->nb_samples = s->samples + 1;
+ if ((ret = ff_get_buffer(avctx, frame, 0)) < 0)
return ret;
- }
+ frame->nb_samples = s->samples;
while (buf_size > 0) {
if (!s->multichannel) {
projects / ffmpeg / blobdiff