diff options
author | reimar <reimar@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2008-06-29 08:08:51 +0000 |
---|---|---|
committer | reimar <reimar@b3059339-0415-0410-9bf9-f77b7e298cf2> | 2008-06-29 08:08:51 +0000 |
commit | 2f1ffb093bafe5377382e479b6448b2de2b15a31 (patch) | |
tree | 2f36c0cd1a598a0b4d0f30d1e64552def2c633d5 /libmpcodecs/ad_imaadpcm.c | |
parent | 15a54da104cf4670eef3d15330ac9d09f644cbbc (diff) | |
download | mpv-2f1ffb093bafe5377382e479b6448b2de2b15a31.tar.bz2 mpv-2f1ffb093bafe5377382e479b6448b2de2b15a31.tar.xz |
Add a few size checks to IMA decoder. The code is still a mess though,
but bug # 1114 is probably fixed.
git-svn-id: svn://svn.mplayerhq.hu/mplayer/trunk@27145 b3059339-0415-0410-9bf9-f77b7e298cf2
Diffstat (limited to 'libmpcodecs/ad_imaadpcm.c')
-rw-r--r-- | libmpcodecs/ad_imaadpcm.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/libmpcodecs/ad_imaadpcm.c b/libmpcodecs/ad_imaadpcm.c index a4a5bfaf5e..b3011106f7 100644 --- a/libmpcodecs/ad_imaadpcm.c +++ b/libmpcodecs/ad_imaadpcm.c @@ -190,6 +190,10 @@ static int qt_ima_adpcm_decode_block(unsigned short *output, int initial_index_r = 0; int i; + if (channels > 1) channels = 2; + if (block_size < channels * QT_IMA_ADPCM_BLOCK_SIZE) + return -1; + initial_predictor_l = BE_16(&input[0]); initial_index_l = initial_predictor_l; @@ -255,6 +259,10 @@ static int ms_ima_adpcm_decode_block(unsigned short *output, int channel_index_l; int channel_index_r; + if (channels > 1) channels = 2; + if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels) + return -1; + predictor_l = LE_16(&input[0]); SE_16BIT(predictor_l); index_l = input[2]; @@ -322,6 +330,10 @@ static int dk4_ima_adpcm_decode_block(unsigned short *output, int index_l = 0; int index_r = 0; + if (channels > 1) channels = 2; + if (block_size < MS_IMA_ADPCM_PREAMBLE_SIZE * channels) + return -1; + // the first predictor value goes straight to the output predictor_l = output[0] = LE_16(&input[0]); SE_16BIT(predictor_l); |