pos = avio_tell(pb);
*tag = avio_rl16(pb);
*size = ffio_read_varlen(pb);
- *size -= avio_tell(pb) - pos;
+ pos -= avio_tell(pb);
+ if (av_sat_add64(*size, pos) != (uint64_t)*size + pos) {
+ *size = -1;
+ } else
+ *size += pos;
}
static void mpc8_parse_seektable(AVFormatContext *s, int64_t off)
av_add_index_entry(s->streams[0], pos, i, 0, 0, AVINDEX_KEYFRAME);
}
for(; i < size; i++){
+ if (get_bits_left(&gb) < 13) {
+ av_free(buf);
+ return;
+ }
t = get_unary(&gb, 1, 33) << 12;
t += get_bits(&gb, 12);
if(t & 1)
t = -(t & ~1);
- pos = (t >> 1) + ppos[0]*2 - ppos[1];
- av_add_index_entry(s->streams[0], pos, i << seekd, 0, 0, AVINDEX_KEYFRAME);
+ pos = (t >> 1) + (uint64_t)ppos[0]*2 - ppos[1];
+ av_add_index_entry(s->streams[0], pos, (int64_t)i << seekd, 0, 0, AVINDEX_KEYFRAME);
ppos[1] = ppos[0];
ppos[0] = pos;
}
st->codecpar->channels = (st->codecpar->extradata[1] >> 4) + 1;
st->codecpar->sample_rate = mpc8_rate[st->codecpar->extradata[0] >> 5];
- avpriv_set_pts_info(st, 32, 1152 << (st->codecpar->extradata[1]&3)*2, st->codecpar->sample_rate);
+ avpriv_set_pts_info(st, 64, 1152 << (st->codecpar->extradata[1]&3)*2, st->codecpar->sample_rate);
st->start_time = 0;
st->duration = c->samples / (1152 << (st->codecpar->extradata[1]&3)*2);
size -= avio_tell(pb) - pos;
return AVERROR_EOF;
mpc8_get_chunk_header(s->pb, &tag, &size);
- if (size < 0)
+ if (size < 0 || size > INT_MAX)
return -1;
if(tag == TAG_AUDIOPACKET){
if ((ret = av_get_packet(s->pb, pkt, size)) < 0)
int index = av_index_search_timestamp(st, timestamp, flags);
if(index < 0) return -1;
- if (avio_seek(s->pb, st->index_entries[index].pos, SEEK_SET) < 0)
+ if (avio_seek(s->pb, st->internal->index_entries[index].pos, SEEK_SET) < 0)
return -1;
- ff_update_cur_dts(s, st, st->index_entries[index].timestamp);
+ ff_update_cur_dts(s, st, st->internal->index_entries[index].timestamp);
return 0;
}
projects / ffmpeg / blobdiff