Browse code
Fixed a segfault in the DCA decoder with corrupted streams.
It happens when the number of channels defined by DCAContext:acmod is lower
than DCAContext:prim_channels. In this case, dca_subsubframe() will call
qmf_32_subbands() using s->channel_order_tab[] entries equal to -1.
Originally committed as revision 22083 to svn://svn.ffmpeg.org/ffmpeg/trunk
Laurent Aimar authored on 2010/02/27 03:50:01Showing 1 changed files
| ... | ... |
@@ -1244,6 +1244,10 @@ static int dca_decode_frame(AVCodecContext * avctx, |
| 1244 | 1244 |
} else |
| 1245 | 1245 |
s->channel_order_tab = dca_channel_reorder_nolfe[s->amode]; |
| 1246 | 1246 |
|
| 1247 |
+ if (s->prim_channels > 0 && |
|
| 1248 |
+ s->channel_order_tab[s->prim_channels - 1] < 0) |
|
| 1249 |
+ return -1; |
|
| 1250 |
+ |
|
| 1247 | 1251 |
if(avctx->request_channels == 2 && s->prim_channels > 2) {
|
| 1248 | 1252 |
channels = 2; |
| 1249 | 1253 |
s->output = DCA_STEREO; |