On 11/03/15 20:25, Vittorio Giovara wrote:
Prevents unsigned overflow and variable truncation.Bug-Id: CID 603186 --- libavcodec/aacsbr.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libavcodec/aacsbr.c b/libavcodec/aacsbr.c index 3da8a5b..b389e10 100644 --- a/libavcodec/aacsbr.c +++ b/libavcodec/aacsbr.c @@ -628,7 +628,7 @@ static int read_sbr_grid(AACContext *ac, SpectralBandReplication *sbr, GetBitContext *gb, SBRData *ch_data) { int i; - unsigned bs_pointer = 0; + int bs_pointer = 0; // frameLengthFlag ? 15 : 16; 960 sample length frames unsupported; this value is numTimeSlots int abs_bord_trail = 16; int num_rel_lead, num_rel_trail; @@ -721,7 +721,7 @@ static int read_sbr_grid(AACContext *ac, SpectralBandReplication *sbr, break; } - if (bs_pointer > ch_data->bs_num_env + 1) { + if (bs_pointer < 0 || bs_pointer > ch_data->bs_num_env + 1) { av_log(ac->avctx, AV_LOG_ERROR, "Invalid bitstream, bs_pointer points to a middle noise border outside the time borders table: %d\n", bs_pointer); @@ -740,7 +740,7 @@ static int read_sbr_grid(AACContext *ac, SpectralBandReplication *sbr, ch_data->t_q[0] = ch_data->t_env[0]; ch_data->t_q[ch_data->bs_num_noise] = ch_data->t_env[ch_data->bs_num_env]; if (ch_data->bs_num_noise > 1) { - unsigned int idx; + int idx; if (ch_data->bs_frame_class == FIXFIX) { idx = ch_data->bs_num_env >> 1; } else if (ch_data->bs_frame_class & 1) { // FIXVAR or VARVAR
Probably ok. _______________________________________________ libav-devel mailing list libav-devel@libav.org https://lists.libav.org/mailman/listinfo/libav-devel
