From: Michael Niedermayer <[email protected]> ALS spec: 11.6.3.1.1 Quantization and encoding of parcor coefficients ... In all cases the resulting quantized values ak are restricted to the range [-64,63].
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind Signed-off-by: Michael Niedermayer <[email protected]> Signed-off-by: Justin Ruggles <[email protected]> --- libavcodec/alsdec.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/libavcodec/alsdec.c b/libavcodec/alsdec.c index defe3c4..b4bc41b 100644 --- a/libavcodec/alsdec.c +++ b/libavcodec/alsdec.c @@ -705,6 +705,10 @@ static int read_var_block_data(ALSDecContext *ctx, ALSBlockData *bd) int rice_param = parcor_rice_table[sconf->coef_table][k][1]; int offset = parcor_rice_table[sconf->coef_table][k][0]; quant_cof[k] = decode_rice(gb, rice_param) + offset; + if (quant_cof[k] < -64 || quant_cof[k] > 63) { + av_log(avctx, AV_LOG_ERROR, "quant_cof %d is out of range\n", quant_cof[k]); + return AVERROR_INVALIDDATA; + } } // read coefficients 20 to 126 -- 1.7.1 _______________________________________________ libav-devel mailing list [email protected] https://lists.libav.org/mailman/listinfo/libav-devel
