See title and patch.
--
fenrir
>From 2df497d84f122208da6b63625530fb64725ddaec Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fen...@videolan.org>
Date: Wed, 7 Sep 2011 21:43:03 +0200
Subject: [PATCH] Fixed segfault with wavpack decoder on corrupted decorrelation terms sub-blocks.
---
libavcodec/wavpack.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 62f6880..0a70c4c 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -841,12 +841,12 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
}
switch(id & WP_IDF_MASK){
case WP_ID_DECTERMS:
- s->terms = size;
- if(s->terms > MAX_TERMS){
+ if(size > MAX_TERMS){
av_log(avctx, AV_LOG_ERROR, "Too many decorrelation terms\n");
buf += ssize;
continue;
}
+ s->terms = size;
for(i = 0; i < s->terms; i++) {
s->decorr[s->terms - i - 1].value = (*buf & 0x1F) - 5;
s->decorr[s->terms - i - 1].delta = *buf >> 5;
--
1.7.2.5
_______________________________________________
libav-devel mailing list
libav-devel@libav.org
https://lists.libav.org/mailman/listinfo/libav-devel
