From 49568851bf1700e3d9ea9cda29208d0df3c2c38b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Martin=20Storsj=C3=B6?= <martin@martin.st>
Date: Wed, 11 Sep 2013 22:17:13 +0300
Subject: [PATCH] shorten: Use a checked bytestream reader for the wave header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Signed-off-by: Martin Storsjö <martin@martin.st>
---
libavcodec/shorten.c | 29 ++++++++++++++++-------------
1 file changed, 16 insertions(+), 13 deletions(-)
diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 15279461727..130bde63037 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -202,31 +202,34 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header,
{
int len;
short wave_format;
+ GetByteContext gb;
- if (bytestream_get_le32(&header) != MKTAG('R', 'I', 'F', 'F')) {
+ bytestream2_init(&gb, header, header_size);
+
+ if (bytestream2_get_le32(&gb) != MKTAG('R', 'I', 'F', 'F')) {
av_log(avctx, AV_LOG_ERROR, "missing RIFF tag\n");
return AVERROR_INVALIDDATA;
}
- header += 4; /* chunk size */
+ bytestream2_skip(&gb, 4); /* chunk size */
- if (bytestream_get_le32(&header) != MKTAG('W', 'A', 'V', 'E')) {
+ if (bytestream2_get_le32(&gb) != MKTAG('W', 'A', 'V', 'E')) {
av_log(avctx, AV_LOG_ERROR, "missing WAVE tag\n");
return AVERROR_INVALIDDATA;
}
- while (bytestream_get_le32(&header) != MKTAG('f', 'm', 't', ' ')) {
- len = bytestream_get_le32(&header);
- header += len;
+ while (bytestream2_get_le32(&gb) != MKTAG('f', 'm', 't', ' ')) {
+ len = bytestream2_get_le32(&gb);
+ bytestream2_skip(&gb, len);
}
- len = bytestream_get_le32(&header);
+ len = bytestream2_get_le32(&gb);
if (len < 16) {
av_log(avctx, AV_LOG_ERROR, "fmt chunk was too short\n");
return AVERROR_INVALIDDATA;
}
- wave_format = bytestream_get_le16(&header);
+ wave_format = bytestream2_get_le16(&gb);
switch (wave_format) {
case WAVE_FORMAT_PCM:
@@ -236,11 +239,11 @@ static int decode_wave_header(AVCodecContext *avctx, const uint8_t *header,
return AVERROR(ENOSYS);
}
- header += 2; // skip channels (already got from shorten header)
- avctx->sample_rate = bytestream_get_le32(&header);
- header += 4; // skip bit rate (represents original uncompressed bit rate)
- header += 2; // skip block align (not needed)
- avctx->bits_per_coded_sample = bytestream_get_le16(&header);
+ bytestream2_skip(&gb, 2); // skip channels (already got from shorten header)
+ avctx->sample_rate = bytestream2_get_le32(&gb);
+ bytestream2_skip(&gb, 4); // skip bit rate (represents original uncompressed bit rate)
+ bytestream2_skip(&gb, 2); // skip block align (not needed)
+ avctx->bits_per_coded_sample = bytestream2_get_le16(&gb);
if (avctx->bits_per_coded_sample != 16) {
av_log(avctx, AV_LOG_ERROR, "unsupported number of bits per sample\n");
--
GitLab