From ce7d842fa68db8676807d55c7005b90bff6a9a31 Mon Sep 17 00:00:00 2001 From: Justin Ruggles Date: Sat, 6 Dec 2008 15:36:23 +0000 Subject: [PATCH] ac3dec: detect out-of-range exponents Originally committed as revision 16015 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/ac3dec.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/libavcodec/ac3dec.c b/libavcodec/ac3dec.c index 83edfe5d02..998c872d1e 100644 --- a/libavcodec/ac3dec.c +++ b/libavcodec/ac3dec.c @@ -372,7 +372,7 @@ static void set_downmix_coeffs(AC3DecodeContext *s) * Decode the grouped exponents according to exponent strategy. * reference: Section 7.1.3 Exponent Decoding */ -static void decode_exponents(GetBitContext *gbc, int exp_strategy, int ngrps, +static int decode_exponents(GetBitContext *gbc, int exp_strategy, int ngrps, uint8_t absexp, int8_t *dexps) { int i, j, grp, group_size; @@ -391,11 +391,14 @@ static void decode_exponents(GetBitContext *gbc, int exp_strategy, int ngrps, /* convert to absolute exps and expand groups */ prevexp = absexp; for(i=0; i 24) + return -1; for(j=0; jchannels; ch++) { if (s->exp_strategy[blk][ch] != EXP_REUSE) { s->dexps[ch][0] = get_bits(gbc, 4) << !ch; - decode_exponents(gbc, s->exp_strategy[blk][ch], + if (decode_exponents(gbc, s->exp_strategy[blk][ch], s->num_exp_groups[ch], s->dexps[ch][0], - &s->dexps[ch][s->start_freq[ch]+!!ch]); + &s->dexps[ch][s->start_freq[ch]+!!ch])) { + av_log(s->avctx, AV_LOG_ERROR, "exponent out-of-range\n"); + return -1; + } if(ch != CPL_CH && ch != s->lfe_ch) skip_bits(gbc, 2); /* skip gainrng */ }