From 125cf771f6d17b9b9db7588cbf8f36619bc41f35 Mon Sep 17 00:00:00 2001 From: Ramiro Polla Date: Mon, 30 Mar 2009 03:20:01 +0000 Subject: mlpdec: More validation for read_channel_params() Originally committed as revision 18235 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/mlpdec.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'libavcodec/mlpdec.c') diff --git a/libavcodec/mlpdec.c b/libavcodec/mlpdec.c index 4b152a8b20..ff725e43d9 100644 --- a/libavcodec/mlpdec.c +++ b/libavcodec/mlpdec.c @@ -561,6 +561,11 @@ static int read_channel_params(MLPDecodeContext *m, unsigned int substr, if (read_filter_params(m, gbp, ch, IIR) < 0) return -1; + if (fir->order + iir->order > 8) { + av_log(m->avctx, AV_LOG_ERROR, "Total filter orders too high.\n"); + return -1; + } + if (fir->order && iir->order && fir->shift != iir->shift) { av_log(m->avctx, AV_LOG_ERROR, @@ -582,9 +587,12 @@ static int read_channel_params(MLPDecodeContext *m, unsigned int substr, cp->codebook = get_bits(gbp, 2); cp->huff_lsbs = get_bits(gbp, 5); - cp->sign_huff_offset = calculate_sign_huff(m, substr, ch); + if (cp->huff_lsbs > 24) { + av_log(m->avctx, AV_LOG_ERROR, "Invalid huff_lsbs.\n"); + return -1; + } - /* TODO: validate */ + cp->sign_huff_offset = calculate_sign_huff(m, substr, ch); return 0; } -- cgit v1.2.1