From c2a016ad4d9c29285813ba5806189e63e063e0fb Mon Sep 17 00:00:00 2001
From: Laurent Aimar <fenrir@videolan.org>
Date: Mon, 26 Sep 2011 23:37:30 +0200
Subject: [PATCH] Reset internal state on corrupted blocks in wavpack decoder.

wavpack_decode_block() supposes that it is called back with the exact
same buffer unless it has returned with an error. With multi-channels
files, wavpack_decode_frame() was breaking this assumption.

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
---
 libavcodec/wavpack.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/libavcodec/wavpack.c b/libavcodec/wavpack.c
index 253a9560f8f..0a0d8ab23e0 100644
--- a/libavcodec/wavpack.c
+++ b/libavcodec/wavpack.c
@@ -1174,6 +1174,15 @@ static int wavpack_decode_block(AVCodecContext *avctx, int block_no,
     return samplecount * bpp;
 }
 
+static void wavpack_decode_flush(AVCodecContext *avctx)
+{
+    WavpackContext *s = avctx->priv_data;
+    int i;
+
+    for (i = 0; i < s->fdec_num; i++)
+        wv_reset_saved_context(s->fdec[i]);
+}
+
 static int wavpack_decode_frame(AVCodecContext *avctx,
                             void *data, int *data_size,
                             AVPacket *avpkt)
@@ -1206,11 +1215,14 @@ static int wavpack_decode_frame(AVCodecContext *avctx,
         if(frame_size < 0 || frame_size > buf_size){
             av_log(avctx, AV_LOG_ERROR, "Block %d has invalid size (size %d vs. %d bytes left)\n",
                    s->block, frame_size, buf_size);
+            wavpack_decode_flush(avctx);
             return -1;
         }
         if((samplecount = wavpack_decode_block(avctx, s->block, data,
-                                               data_size, buf, frame_size)) < 0)
+                                               data_size, buf, frame_size)) < 0) {
+            wavpack_decode_flush(avctx);
             return -1;
+        }
         s->block++;
         buf += frame_size; buf_size -= frame_size;
     }
@@ -1219,15 +1231,6 @@ static int wavpack_decode_frame(AVCodecContext *avctx,
     return s->samples_left > 0 ? 0 : avpkt->size;
 }
 
-static void wavpack_decode_flush(AVCodecContext *avctx)
-{
-    WavpackContext *s = avctx->priv_data;
-    int i;
-
-    for (i = 0; i < s->fdec_num; i++)
-        wv_reset_saved_context(s->fdec[i]);
-}
-
 AVCodec ff_wavpack_decoder = {
     .name           = "wavpack",
     .type           = AVMEDIA_TYPE_AUDIO,
-- 
GitLab