From 48d20c11ba8141337e2bbc6a779a29142390556e Mon Sep 17 00:00:00 2001 From: Alex Converse Date: Wed, 8 Jul 2009 23:12:53 +0000 Subject: [PATCH] Prevent AAC frame size overflows. Originally committed as revision 19381 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/aacenc.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libavcodec/aacenc.c b/libavcodec/aacenc.c index 93dbadc2bf..197fe50101 100644 --- a/libavcodec/aacenc.c +++ b/libavcodec/aacenc.c @@ -540,6 +540,8 @@ static int aac_encode_frame(AVCodecContext *avctx, } start_ch += chans; } + do { + int frame_bits; init_put_bits(&s->pb, frame, buf_size*8); if ((avctx->frame_number & 0xFF)==1 && !(avctx->flags & CODEC_FLAG_BITEXACT)) put_bitstream_info(avctx, s, LIBAVCODEC_IDENT); @@ -586,6 +588,14 @@ static int aac_encode_frame(AVCodecContext *avctx, start_ch += chans; } + frame_bits = put_bits_count(&s->pb); + if (frame_bits <= 6144 * avctx->channels - 3) + break; + + s->lambda *= avctx->bit_rate * 1024.0f / avctx->sample_rate / frame_bits; + + } while (1); + put_bits(&s->pb, 3, TYPE_END); flush_put_bits(&s->pb); avctx->frame_bits = put_bits_count(&s->pb); @@ -597,10 +607,6 @@ static int aac_encode_frame(AVCodecContext *avctx, s->lambda = fminf(s->lambda, 65536.f); } - if (avctx->frame_bits > 6144*avctx->channels) - av_log(avctx, AV_LOG_ERROR, "input buffer violation %d > %d.\n", - avctx->frame_bits, 6144*avctx->channels); - if (!data) s->last_frame = 1; memcpy(s->samples, s->samples + 1024 * avctx->channels,