Re: [FFmpeg-devel] [PATCH] wmavoice: limit wmavoice_decode_packet return value to packet size
On 27.06.2015 23:01, Michael Niedermayer wrote:
> On Sat, Jun 27, 2015 at 08:36:15PM +0200, Andreas Cadhalpun wrote:
>> Claiming to have decoded more bytes than the packet size is wrong.
>>
>> Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com
>> --- libavcodec/wmavoice.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index ae88d4e..6cd407a 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data, *got_frame_ptr) { cnt += s-spillover_nbits; s-skip_bits_next = cnt 7; -return cnt 3; +return FFMIN(cnt 3, avpkt-size); } else skip_bits_long (gb, s-spillover_nbits - cnt + get_bits_count(gb)); // resync @@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data, } else if (*got_frame_ptr) { int cnt = get_bits_count(gb); s-skip_bits_next = cnt 7; -return cnt 3; +return FFMIN(cnt 3, avpkt-size); } else if ((s-sframe_cache_size = pos) 0) { /* rewind bit reader to start of last (incomplete) superframe... */ init_get_bits(gb, avpkt-data, size 3);
>
> Am I assuming correctly that gb was read beyond its end?

That only happens in the second case, not in the first.

> If so, this maybe should be treated as an error instead of clipping.

Treating one like an error, but not the other seems strange as well.
One could add an explode mode for both. Would that be better?

Best regards,
Andreas
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel
[FFmpeg-devel] [PATCH] wmavoice: limit wmavoice_decode_packet return value to packet size
Claiming to have decoded more bytes than the packet size is wrong.

Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com
--- libavcodec/wmavoice.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index ae88d4e..6cd407a 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data, *got_frame_ptr) { cnt += s-spillover_nbits; s-skip_bits_next = cnt 7; -return cnt 3; +return FFMIN(cnt 3, avpkt-size); } else skip_bits_long (gb, s-spillover_nbits - cnt + get_bits_count(gb)); // resync @@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data, } else if (*got_frame_ptr) { int cnt = get_bits_count(gb); s-skip_bits_next = cnt 7; -return cnt 3; +return FFMIN(cnt 3, avpkt-size); } else if ((s-sframe_cache_size = pos) 0) { /* rewind bit reader to start of last (incomplete) superframe... */ init_get_bits(gb, avpkt-data, size 3);
-- 2.1.4
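Review bot: In the first hunk (@@ -1982), skip_bits_next is still assigned from the unclamped cnt on the line directly above the new return, so when cnt, after spillover_nbits has been added, exceeds the packet size, the function reports avpkt's size as consumed while the saved bit offset describes a position outside the packet. Clear or recompute skip_bits_next whenever the FFMIN clamp takes effect, and add a short comment saying how cnt can exceed the packet in this branch, since the thread states that no read past the end of gb happens here.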
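Review bot: In the second hunk (@@ -2001), cnt comes straight from get_bits_count(gb), so a value above the packet size means the bit reader position is already past the end of the packet data, and clamping the return with FFMIN leaves that invisible to the caller. Check cnt against the packet size in bits before the return and return AVERROR_INVALIDDATA, or, if clamping is kept for lenient decoding, log a warning and fail only when AV_EF_EXPLODE is set in err_recognition; skip_bits_next should not be taken from the overrun cnt in either case.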
Re: [FFmpeg-devel] [PATCH] wmavoice: limit wmavoice_decode_packet return value to packet size
On Sat, Jun 27, 2015 at 08:36:15PM +0200, Andreas Cadhalpun wrote:
> Claiming to have decoded more bytes than the packet size is wrong.
>
> Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com
> --- libavcodec/wmavoice.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c index ae88d4e..6cd407a 100644 --- a/libavcodec/wmavoice.c +++ b/libavcodec/wmavoice.c @@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data, *got_frame_ptr) { cnt += s-spillover_nbits; s-skip_bits_next = cnt 7; -return cnt 3; +return FFMIN(cnt 3, avpkt-size); } else skip_bits_long (gb, s-spillover_nbits - cnt + get_bits_count(gb)); // resync @@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, void *data, } else if (*got_frame_ptr) { int cnt = get_bits_count(gb); s-skip_bits_next = cnt 7; -return cnt 3; +return FFMIN(cnt 3, avpkt-size); } else if ((s-sframe_cache_size = pos) 0) { /* rewind bit reader to start of last (incomplete) superframe... */ init_get_bits(gb, avpkt-data, size 3);

Am I assuming correctly that gb was read beyond its end?
If so, this maybe should be treated as an error instead of clipping.

[...]

--
Michael
GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the dead. -- Aristotle