Hi, On Sat, Mar 17, 2012 at 5:49 PM, Ronald S. Bultje <[email protected]> wrote: > On Sat, Mar 17, 2012 at 5:19 PM, Alex Converse <[email protected]> > wrote: >> On Mar 17, 2012 5:07 PM, "Ronald S. Bultje" <[email protected]> wrote: >> >> --- >> libavcodec/adpcm.c | 19 ++++++++++--------- >> 1 files changed, 10 insertions(+), 9 deletions(-) >> >> diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c >> index 54c3e6d..5ddd0f8 100644 >> --- a/libavcodec/adpcm.c >> +++ b/libavcodec/adpcm.c >> @@ -544,6 +544,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, >> void *data, >> int st; /* stereo */ >> int count1, count2; >> int nb_samples, coded_samples, ret; >> + GetByteContext gb; >> >> nb_samples = get_nb_samples(avctx, buf, buf_size, &coded_samples); >> if (nb_samples <= 0) { >> @@ -568,6 +569,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, >> void *data, >> } >> >> src = buf; >> + bytestream2_init(&gb, buf, buf_size); >> >> st = avctx->channels == 2 ? 1 : 0; >> >> @@ -582,12 +584,10 @@ static int adpcm_decode_frame(AVCodecContext *avctx, >> void *data, >> /* (pppppp) (piiiiiii) */ >> >> /* Bits 15-7 are the _top_ 9 bits of the 16-bit initial >> predictor value */ >> - predictor = AV_RB16(src); >> + predictor = bytestream2_get_be16u(&gb); >> step_index = predictor & 0x7F; >> predictor &= 0xFF80; >> >> - src += 2; >> - >> if (cs->step_index == step_index) { >> int diff = (int)predictor - cs->predictor; >> if (diff < 0) >> @@ -601,18 +601,19 @@ static int adpcm_decode_frame(AVCodecContext *avctx, >> void *data, >> } >> >> if (cs->step_index > 88){ >> - av_log(avctx, AV_LOG_ERROR, "ERROR: step_index = %i\n", >> cs->step_index); >> - cs->step_index = 88; >> + av_log(avctx, AV_LOG_ERROR, "ERROR: step_index[%d] = %i\n", >> + channel, cs->step_index); >> + return AVERROR_INVALIDDATA; >> } >> >> ^ this seems to be unrelated. > > Yeah, I did that in a few places. Hard-coding an invalid value in the > stream as a starter is almost certainly a corrupt stream (as opposed > as a wrongly predicted next predictor after 10-20 samples, or so). So > I added errors for all of these cases.
So, it can be < 0 also, I'll re-do these parts of the patches to compare to 88u, i.e. protect against >88 as well as <0. Ronald _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
