On Sat, Jun 27, 2015 at 08:36:15PM +0200, Andreas Cadhalpun wrote: > Claiming to have decoded more bytes than the packet size is wrong. > > Signed-off-by: Andreas Cadhalpun <andreas.cadhal...@googlemail.com> > --- > libavcodec/wmavoice.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c > index ae88d4e..6cd407a 100644 > --- a/libavcodec/wmavoice.c > +++ b/libavcodec/wmavoice.c > @@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, > void *data, > *got_frame_ptr) { > cnt += s->spillover_nbits; > s->skip_bits_next = cnt & 7; > - return cnt >> 3; > + return FFMIN(cnt >> 3, avpkt->size); > } else > skip_bits_long (gb, s->spillover_nbits - cnt + > get_bits_count(gb)); // resync > @@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, > void *data, > } else if (*got_frame_ptr) { > int cnt = get_bits_count(gb); > s->skip_bits_next = cnt & 7; > - return cnt >> 3; > + return FFMIN(cnt >> 3, avpkt->size); > } else if ((s->sframe_cache_size = pos) > 0) { > /* rewind bit reader to start of last (incomplete) superframe... */ > init_get_bits(gb, avpkt->data, size << 3);
am i assuming correct that gb was read beyond its end ? if so this maybe should be treated as an error instead of cliping [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB The educated differ from the uneducated as much as the living from the dead. -- Aristotle
signature.asc
Description: Digital signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org http://ffmpeg.org/mailman/listinfo/ffmpeg-devel