On Wed, Feb 22, 2012 at 9:45 AM, Ronald S. Bultje <[email protected]> wrote:

> From: "Ronald S. Bultje" <[email protected]>
>
> Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
> CC: [email protected]
> ---
>  libavcodec/aacdec.c |   11 ++++++-----
>  1 files changed, 6 insertions(+), 5 deletions(-)
>
> diff --git a/libavcodec/aacdec.c b/libavcodec/aacdec.c
> index dd9eefc..6cbb637 100644
> --- a/libavcodec/aacdec.c
> +++ b/libavcodec/aacdec.c
> @@ -973,13 +973,14 @@ static int decode_band_types(AACContext *ac, enum
> BandType band_type[120],
>                 av_log(ac->avctx, AV_LOG_ERROR, "invalid band type\n");
>                 return -1;
>             }
> -            while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) -
> 1)
> +            while ((sect_len_incr = get_bits(gb, bits)) == (1 << bits) -
> 1) {
> +                if (get_bits_left(gb) < 0) {
> +                    av_log(ac->avctx, AV_LOG_ERROR, overread_err);
> +                    return -1;
> +                }
>                 sect_end += sect_len_incr;
> -            sect_end += sect_len_incr;
> -            if (get_bits_left(gb) < 0) {
> -                av_log(ac->avctx, AV_LOG_ERROR, overread_err);
> -                return -1;
>             }
> +            sect_end += sect_len_incr;
>             if (sect_end > ics->max_sfb) {
>                 av_log(ac->avctx, AV_LOG_ERROR,
>                        "Number of bands (%d) exceeds limit (%d).\n",
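Review bot: After the loop, the final sect_end += sect_len_incr; is no longer followed by a get_bits_left(gb) < 0 check, so an overread by the last (non-escape) get_bits(gb, bits) call goes unreported at this point and only the sect_end > ics->max_sfb test remains. Consider keeping an overread check after the loop as well, or restructuring the loop so that every read is checked before its value is added to sect_end. The commit message also carries only the Found-by and CC tags; one sentence stating what the unchecked while loop allowed would help anyone backporting this to stable.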
> --
> 1.7.7.4
>
>
How can the EOF be all high bits? Our 6 bytes of padding are required to be
zeroes.