57d7ee5a36
- jpegdec: Actually search for and parse RSTn. - mpeg4: Adjust dummy frame threshold for packed DivX. - mpeg4: Fix another packed DivX issue. - jpegdec: Better RSTn skiping. - Fix memory corruption in case of memory allocation failure. - cavsdec: Avoid possible crash with crafted input. - rtp: Fix integer underflow that could allow remote code execution. MSVR-11-008 8 - rtpdec_asf: Fix memleak. - mp3dec: Dont spam the user on multiple MP3 frames. - wavpack: Fixed invalid access with corrupted extra bits sub-blocks. - wavpack: Fixed invalid writes with corrupted bitstreams. - wavpack: Fixed invalid access with corrupted bitstream.
34 lines
1.0 KiB
Plaintext
34 lines
1.0 KiB
Plaintext
$OpenBSD: patch-libavformat_wv_c,v 1.2 2011/09/12 21:04:49 sthen Exp $
|
|
|
|
Skip blocks with no samples.
|
|
|
|
--- libavformat/wv.c.orig Sat Jul 30 00:49:36 2011
|
|
+++ libavformat/wv.c Sat Jul 30 00:51:21 2011
|
|
@@ -109,6 +109,9 @@ static int wv_read_block_header(AVFormatContext *ctx,
|
|
size = wc->blksize;
|
|
}
|
|
wc->flags = AV_RL32(wc->extra + 4);
|
|
+ // blocks with zero samples don't contain actual audio information and should be ignored
|
|
+ if (!AV_RN32(wc->extra))
|
|
+ return 0;
|
|
//parse flags
|
|
bpp = ((wc->flags & 3) + 1) << 3;
|
|
chan = 1 + !(wc->flags & WV_MONO);
|
|
@@ -206,8 +209,14 @@ static int wv_read_header(AVFormatContext *s,
|
|
AVStream *st;
|
|
|
|
wc->block_parsed = 0;
|
|
- if(wv_read_block_header(s, pb, 0) < 0)
|
|
- return -1;
|
|
+ for(;;){
|
|
+ if(wv_read_block_header(s, pb, 0) < 0)
|
|
+ return -1;
|
|
+ if(!AV_RN32(wc->extra))
|
|
+ avio_skip(pb, wc->blksize - 24);
|
|
+ else
|
|
+ break;
|
|
+ }
|
|
|
|
/* now we are ready: build format streams */
|
|
st = av_new_stream(s, 0);
|