Re: [FFmpeg-devel] [PATCH] wmavoice: limit wmavoice_decode_packet return value to packet size

2015-06-28 Thread Andreas Cadhalpun
On 27.06.2015 23:01, Michael Niedermayer wrote:
 On Sat, Jun 27, 2015 at 08:36:15PM +0200, Andreas Cadhalpun wrote:
 Claiming to have decoded more bytes than the packet size is wrong.

 Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com
 ---
  libavcodec/wmavoice.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
 index ae88d4e..6cd407a 100644
 --- a/libavcodec/wmavoice.c
 +++ b/libavcodec/wmavoice.c
 @@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, 
 void *data,
  *got_frame_ptr) {
  cnt += s-spillover_nbits;
  s-skip_bits_next = cnt  7;
 -return cnt  3;
 +return FFMIN(cnt  3, avpkt-size);
  } else
  skip_bits_long (gb, s-spillover_nbits - cnt +
  get_bits_count(gb)); // resync
 @@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, 
 void *data,
  } else if (*got_frame_ptr) {
  int cnt = get_bits_count(gb);
  s-skip_bits_next = cnt  7;
 -return cnt  3;
 +return FFMIN(cnt  3, avpkt-size);
  } else if ((s-sframe_cache_size = pos)  0) {
  /* rewind bit reader to start of last (incomplete) superframe... */
  init_get_bits(gb, avpkt-data, size  3);
 
 Am I assuming correctly that gb was read beyond its end?

That only happens in the second case, not in the first.

 If so, this maybe should be treated as an error instead of clipping

Treating one like an error, but not the other seems strange as well.
One could add an explode mode for both. Would that be better?

Best regards,
Andreas
___
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
http://ffmpeg.org/mailman/listinfo/ffmpeg-devel


[FFmpeg-devel] [PATCH] wmavoice: limit wmavoice_decode_packet return value to packet size

2015-06-27 Thread Andreas Cadhalpun
Claiming to have decoded more bytes than the packet size is wrong.

Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com
---
 libavcodec/wmavoice.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
index ae88d4e..6cd407a 100644
--- a/libavcodec/wmavoice.c
+++ b/libavcodec/wmavoice.c
@@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, 
void *data,
 *got_frame_ptr) {
 cnt += s-spillover_nbits;
 s-skip_bits_next = cnt  7;
-return cnt  3;
+return FFMIN(cnt  3, avpkt-size);
 } else
 skip_bits_long (gb, s-spillover_nbits - cnt +
 get_bits_count(gb)); // resync
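Review bot: In the spillover branch, skip_bits_next is still set from the unclamped cnt on the line directly above the new return, so whenever FFMIN() actually clips, the bit offset stored for the next call no longer matches the byte count reported to the caller. Either derive both values from the same clamped position, or add a comment saying why cnt plus spillover_nbits can exceed the packet size here and why the leftover skip_bits_next is harmless. A silent clamp also leaves no log line for anyone debugging a damaged stream.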
@@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, 
void *data,
 } else if (*got_frame_ptr) {
 int cnt = get_bits_count(gb);
 s-skip_bits_next = cnt  7;
-return cnt  3;
+return FFMIN(cnt  3, avpkt-size);
 } else if ((s-sframe_cache_size = pos)  0) {
 /* rewind bit reader to start of last (incomplete) superframe... */
 init_get_bits(gb, avpkt-data, size  3);
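Review bot: In the *got_frame_ptr branch, cnt comes straight from get_bits_count(gb), so if that count converts to more bytes than avpkt size, the reader position is already beyond the packet, and clamping only the return value hides the condition instead of handling it. Consider an explicit check before the return that logs the over-read and, at least when the caller has asked for strict error handling, returns an error rather than the clipped size. skip_bits_next is computed from the same out-of-range cnt and would need to be reset on that path as well.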
-- 
2.1.4


Re: [FFmpeg-devel] [PATCH] wmavoice: limit wmavoice_decode_packet return value to packet size

2015-06-27 Thread Michael Niedermayer
On Sat, Jun 27, 2015 at 08:36:15PM +0200, Andreas Cadhalpun wrote:
 Claiming to have decoded more bytes than the packet size is wrong.
 
 Signed-off-by: Andreas Cadhalpun andreas.cadhal...@googlemail.com
 ---
  libavcodec/wmavoice.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/libavcodec/wmavoice.c b/libavcodec/wmavoice.c
 index ae88d4e..6cd407a 100644
 --- a/libavcodec/wmavoice.c
 +++ b/libavcodec/wmavoice.c
 @@ -1982,7 +1982,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, 
 void *data,
  *got_frame_ptr) {
  cnt += s-spillover_nbits;
  s-skip_bits_next = cnt  7;
 -return cnt  3;
 +return FFMIN(cnt  3, avpkt-size);
  } else
  skip_bits_long (gb, s-spillover_nbits - cnt +
  get_bits_count(gb)); // resync
 @@ -2001,7 +2001,7 @@ static int wmavoice_decode_packet(AVCodecContext *ctx, 
 void *data,
  } else if (*got_frame_ptr) {
  int cnt = get_bits_count(gb);
  s-skip_bits_next = cnt  7;
 -return cnt  3;
 +return FFMIN(cnt  3, avpkt-size);
  } else if ((s-sframe_cache_size = pos)  0) {
  /* rewind bit reader to start of last (incomplete) superframe... */
  init_get_bits(gb, avpkt-data, size  3);

Am I assuming correctly that gb was read beyond its end?
If so, this maybe should be treated as an error instead of clipping

[...]

-- 
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The educated differ from the uneducated as much as the living from the
dead. -- Aristotle 

