[FFmpeg-cvslog] avcodec: fix aac/ac3 parser bitstream buffer size

Sat, 20 Sep 2014 09:43:11 -0700 

ffmpeg | branch: release/2.2 | Michael Niedermayer <michae...@gmx.at> | Fri Aug 
22 01:15:57 2014 +0200| [014dee89d00fdf474740fbb5cbcdf07cca8aaa9c] | committer: 
Michael Niedermayer

avcodec: fix aac/ac3 parser bitstream buffer size

Buffers containing copies of the AAC and AC3 header bits were not padded
before parsing, violating init_get_bits() buffer padding requirement,
leading to potential buffer read overflows.
This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer
for parsing the header in each of aac_parser.c and ac3_parser.c.

Based on patch by: Matt Wolenetz <wolen...@chromium.org>
Signed-off-by: Michael Niedermayer <michae...@gmx.at>
(cherry picked from commit fccd85b9f30525f88692f53134eba41f1f2d90db)

Signed-off-by: Michael Niedermayer <michae...@gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=014dee89d00fdf474740fbb5cbcdf07cca8aaa9c
---

 libavcodec/aac_parser.c |    2 +-
 libavcodec/ac3_parser.c |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/aac_parser.c b/libavcodec/aac_parser.c
index ab6ca4e..cb93ba9 100644
--- a/libavcodec/aac_parser.c
+++ b/libavcodec/aac_parser.c
@@ -34,7 +34,7 @@ static int aac_sync(uint64_t state, AACAC3ParseContext 
*hdr_info,
     int size;
     union {
         uint64_t u64;
-        uint8_t  u8[8];
+        uint8_t  u8[8 + FF_INPUT_BUFFER_PADDING_SIZE];
     } tmp;
 
     tmp.u64 = av_be2ne64(state);
diff --git a/libavcodec/ac3_parser.c b/libavcodec/ac3_parser.c
index dd6d77c..131e180 100644
--- a/libavcodec/ac3_parser.c
+++ b/libavcodec/ac3_parser.c
@@ -166,7 +166,7 @@ static int ac3_sync(uint64_t state, AACAC3ParseContext 
*hdr_info,
     int err;
     union {
         uint64_t u64;
-        uint8_t  u8[8];
+        uint8_t  u8[8 + FF_INPUT_BUFFER_PADDING_SIZE];
     } tmp = { av_be2ne64(state) };
     AC3HeaderInfo hdr, *phdr = &hdr;
     GetBitContext gbc;

_______________________________________________
ffmpeg-cvslog mailing list
ffmpeg-cvslog@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-cvslog

Reply via email to