Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
---
 libavcodec/adpcm.c |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index bd86ab0..480910c 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -696,7 +696,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void 
*data,
         for (channel = 0; channel < avctx->channels; channel++) {
             cs = &c->status[channel];
             cs->predictor  = (int16_t)bytestream_get_le16(&src);
-            cs->step_index = *src++;
+            cs->step_index = av_clip(*src++, 0, 88);
             src++;
             *samples++ = cs->predictor;
         }
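Review bot: The upper bound `88` is a bare literal on the added line here and again in the hunks at -719, -760, -823, -1037 and -1125, with nothing stating what it bounds. Presumably it is the last valid index of the ADPCM step table, which is not visible in this patch. A named constant next to the table would keep all eight call sites tied to the table size, for example `#define ADPCM_STEP_INDEX_MAX 88` (suggested name) used as `av_clip(*src++, 0, ADPCM_STEP_INDEX_MAX)`. The body of adpcm_decode_frame starts and ends outside the hunk.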
@@ -719,8 +719,8 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void 
*data,
 
         c->status[0].predictor  = (int16_t)AV_RL16(src + 10);
         c->status[1].predictor  = (int16_t)AV_RL16(src + 12);
-        c->status[0].step_index = src[14];
-        c->status[1].step_index = src[15];
+        c->status[0].step_index = av_clip(src[14], 0, 88);
+        c->status[1].step_index = av_ckip(src[15], 0, 88);
         /* sign extend the predictors */
         src += 16;
         diff_channel = c->status[1].predictor;
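Review bot: The second added line calls `av_ckip`, which looks like a typo for `av_clip`, the name used on every other added line in this patch. As written the file would most likely fail to build, and channel 1's step_index in this branch would not get the intended clamp. It should read `c->status[1].step_index = av_clip(src[15], 0, 88);`. The body of adpcm_decode_frame starts and ends outside the hunk.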
@@ -760,7 +760,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void 
*data,
         for (channel = 0; channel < avctx->channels; channel++) {
             cs = &c->status[channel];
             cs->predictor  = (int16_t)bytestream_get_le16(&src);
-            cs->step_index = *src++;
+            cs->step_index = av_clip(*src++, 0, 88);
             src++;
         }
 
@@ -823,7 +823,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void 
*data,
         src += 4; // skip sample count (already read)
 
         for (i=0; i<=st; i++)
-            c->status[i].step_index = bytestream_get_le32(&src);
+            c->status[i].step_index = av_clip(bytestream_get_le32(&src), 0, 
88);
         for (i=0; i<=st; i++)
             c->status[i].predictor  = bytestream_get_le32(&src);
 
@@ -1037,11 +1037,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx, 
void *data,
     case CODEC_ID_ADPCM_IMA_SMJPEG:
         if (avctx->codec->id == CODEC_ID_ADPCM_IMA_AMV) {
             c->status[0].predictor = sign_extend(bytestream_get_le16(&src), 
16);
-            c->status[0].step_index = bytestream_get_le16(&src);
+            c->status[0].step_index = av_clip(bytestream_get_le16(&src), 0, 
88);
             src += 4;
         } else {
             c->status[0].predictor = sign_extend(bytestream_get_be16(&src), 
16);
-            c->status[0].step_index = bytestream_get_byte(&src);
+            c->status[0].step_index = av_clip(bytestream_get_byte(&src), 0, 
88);
             src += 1;
         }
 
@@ -1125,7 +1125,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void 
*data,
         while (get_bits_count(&gb) <= size - 22*avctx->channels) {
             for (i = 0; i < avctx->channels; i++) {
                 *samples++ = c->status[i].predictor = get_sbits(&gb, 16);
-                c->status[i].step_index = get_bits(&gb, 6);
+                c->status[i].step_index = av_clip(get_bits(&gb, 6), 0, 88);
             }
 
             for (count = 0; get_bits_count(&gb) <= size - 
nb_bits*avctx->channels && count < 4095; count++) {
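Review bot: `get_bits(&gb, 6)` reads a 6-bit field, so it can only yield 0..63 and the added `av_clip(..., 0, 88)` on this line never changes the value. If an out-of-range step_index was seen in this branch, it more likely comes from how the index is updated later in the inner loop, which lies outside the hunk and is worth checking separately. If the clip is kept for uniformity with the other sites, a comment such as `/* 6-bit field: clip is a no-op, kept for consistency */` would make that clear.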
-- 
1.7.7.3
