har0ke/FFmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dpcm: ignore extra unpaired bytes in stereo streams.

Browse Source 
Fixes: CVE-2011-3951

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This commit is contained in:
Alex Converse 2012-02-17 14:13:40 -08:00
parent 3e13005cac
commit ce7aee9b73
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
libavcodec/dpcm.c
View File

@ -183,6 +183,11 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data,
int stereo = s->channels - 1; int stereo = s->channels - 1;
int16_t *output_samples; int16_t *output_samples;
if (stereo && (buf_size & 1)) {
buf_size--;
buf_end--;
}
/* calculate output size */ /* calculate output size */
switch(avctx->codec->id) { switch(avctx->codec->id) {
case CODEC_ID_ROQ_DPCM: case CODEC_ID_ROQ_DPCM:
@ -317,7 +322,7 @@ static int dpcm_decode_frame(AVCodecContext *avctx, void *data,
*got_frame_ptr = 1; *got_frame_ptr = 1;
*(AVFrame *)data = s->frame; *(AVFrame *)data = s->frame;
return buf_size; return avpkt->size;
} }
#define DPCM_DECODER(id_, name_, long_name_) \ #define DPCM_DECODER(id_, name_, long_name_) \