patches/to_upstream/48_vorbis_residue_buffer.patch - Issue 8413019: Fix vorbis decoder bug.

Side by Side Diff

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Side by Side Diff: patches/to_upstream/48_vorbis_residue_buffer.patch

Issue 8413019: Fix vorbis decoder bug. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/deps/third_party/ffmpeg/

Patch Set: Created 9 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 diff -wurp -N orig/libavcodec/vorbisdec.c patched-ffmpeg/libavcodec/vorbisdec.c

	2 --- orig/libavcodec/vorbisdec.c 2011-10-27 15:48:42.027540743 -0700

	3 +++ patched-ffmpeg/libavcodec/vorbisdec.c 2011-10-27 16:00:51.835226983 -0 700

	4 @@ -660,7 +660,7 @@ static int vorbis_parse_setup_hdr_residu

	5 res_setup->partition_size = get_bits(gb, 24) + 1;

	6 /* Validations to prevent a buffer overflow later. */

	7 if (res_setup->begin>res_setup->end \|\|

	8 - res_setup->end > vc->avccontext->channels * vc->blocksize[1] / 2 \|\|

	9 + res_setup->end > (res_setup->type == 2 ? vc->avccontext->channels : 1) * vc->blocksize[1] / 2 \|\|

	10 (res_setup->end-res_setup->begin) / res_setup->partition_size > V_M AX_PARTITIONS) {

	11 av_log(vc->avccontext, AV_LOG_ERROR,

	12 "partition out of bounds: type, begin, end, size, blocksize: %"PRIu16", %"PRIu32", %"PRIu32", %u, %"PRIu32"\n",

	13 @@ -1468,6 +1468,7 @@ static int vorbis_parse_audio_packet(vor

	14 uint8_t res_chan[255];

	15 unsigned res_num = 0;

	16 int retlen = 0;

	17 + int ch_left = vc->audio_channels;

	18

	19 if (get_bits1(gb)) {

	20 av_log(vc->avccontext, AV_LOG_ERROR, "Not a Vorbis I audio packet.\n");

	21 @@ -1542,9 +1543,14 @@ static int vorbis_parse_audio_packet(vor

	22 }

	23 }

	24 residue = &vc->residues[mapping->submap_residue[i]];

	25 + if (ch_left < ch) {

	26 + av_log(vc->avccontext, AV_LOG_ERROR, "Too many channels in vorbis_f loor_decode.\n");

	27 + return -1;

	28 + }

	29 vorbis_residue_decode(vc, residue, ch, do_not_decode, ch_res_ptr, block size/2);

	30

	31 ch_res_ptr += ch * blocksize / 2;

	32 + ch_left -= ch;

	33 }

	34

	35 // Inverse coupling

OLD	NEW

« README.chromium ('K') | « patches/README ('k') | source/patched-ffmpeg/libavcodec/vorbisdec.c » ('j') | source/patched-ffmpeg/libavcodec/vorbisdec.c » ('J')