Add a few size checks to IMA decoder. The code is still a mess though,
but bug #1114 is probably fixed.


git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@27145 b3059339-0415-0410-9bf9-f77b7e298cf2
reimar 2008-06-29 08:08:51 +00:00
parent 15a54da104
commit 2f1ffb093b
1 changed files with 12 additions and 0 deletions


@ -190,6 +190,10 @@ static int qt_ima_adpcm_decode_block(unsigned short *output,
int initial_index_r = 0;
int i;
if (channels > 1) channels = 2;
if (block_size < channels * QT_IMA_ADPCM_BLOCK_SIZE)
return -1;
initial_predictor_l = BE_16(&input[0]);
initial_index_l = initial_predictor_l;
@ -255,6 +259,10 @@ static int ms_ima_adpcm_decode_block(unsigned short *output,
int channel_index_l;
int channel_index_r;
if (channels > 1) channels = 2;
if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels)
return -1;
predictor_l = LE_16(&input[0]);
SE_16BIT(predictor_l);
index_l = input[2];
@ -322,6 +330,10 @@ static int dk4_ima_adpcm_decode_block(unsigned short *output,
int index_l = 0;
int index_r = 0;
if (channels > 1) channels = 2;
if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels)
return -1;
// the first predictor value goes straight to the output
predictor_l = output[0] = LE_16(&input[0]);
SE_16BIT(predictor_l);
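Review bot: The three new size checks give no protection when `channels` is zero or negative, because `if (channels > 1) channels = 2;` leaves such values unchanged. In that case `MS_IMA_ADPCM_PREAMBLE_SIZE * channels` (and `channels * QT_IMA_ADPCM_BLOCK_SIZE` in the QT decoder) is zero or negative, so the comparison cannot reject a short block, yet `BE_16(&input[0])`, `LE_16(&input[0])` and `input[2]` are still read unconditionally. The channel count presumably comes from the stream header, so it should be normalised before the check with `channels = channels > 1 ? 2 : 1;` or rejected with `if (channels < 1) return -1;`. The callers, which are not visible here, must also treat the new `-1` as an error rather than a sample count, and a short comment on each check saying which reads it guards would help. All three function bodies start and end outside the hunks shown.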