highperfocused/ffmpeg
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

adpcm: Clip step_index values read from the bitstream at the beginning of each frame.

Browse Source 
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
This commit is contained in:
Alex Converse 2012-02-28 11:50:22 -08:00
parent 934cd18a43
commit bbeb29133b
1 changed files with 7 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libavcodec/adpcm.c
View File

@ -696,7 +696,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
for (channel = 0; channel < avctx->channels; channel++) { for (channel = 0; channel < avctx->channels; channel++) {
cs = &c->status[channel]; cs = &c->status[channel];
cs->predictor = (int16_t)bytestream_get_le16(&src); cs->predictor = (int16_t)bytestream_get_le16(&src);
cs->step_index = *src++; cs->step_index = av_clip(*src++, 0, 88);
src++; src++;
*samples++ = cs->predictor; *samples++ = cs->predictor;
} }
@ -719,8 +719,8 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
c->status[0].predictor = (int16_t)AV_RL16(src + 10); c->status[0].predictor = (int16_t)AV_RL16(src + 10);
c->status[1].predictor = (int16_t)AV_RL16(src + 12); c->status[1].predictor = (int16_t)AV_RL16(src + 12);
c->status[0].step_index = src[14]; c->status[0].step_index = av_clip(src[14], 0, 88);
c->status[1].step_index = src[15]; c->status[1].step_index = av_clip(src[15], 0, 88);
/* sign extend the predictors */ /* sign extend the predictors */
src += 16; src += 16;
diff_channel = c->status[1].predictor; diff_channel = c->status[1].predictor;
@ -760,7 +760,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
for (channel = 0; channel < avctx->channels; channel++) { for (channel = 0; channel < avctx->channels; channel++) {
cs = &c->status[channel]; cs = &c->status[channel];
cs->predictor = (int16_t)bytestream_get_le16(&src); cs->predictor = (int16_t)bytestream_get_le16(&src);
cs->step_index = *src++; cs->step_index = av_clip(*src++, 0, 88);
src++; src++;
} }
@ -823,7 +823,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
src += 4; // skip sample count (already read) src += 4; // skip sample count (already read)
for (i=0; i<=st; i++) for (i=0; i<=st; i++)
c->status[i].step_index = bytestream_get_le32(&src); c->status[i].step_index = av_clip(bytestream_get_le32(&src), 0, 88);
for (i=0; i<=st; i++) for (i=0; i<=st; i++)
c->status[i].predictor = bytestream_get_le32(&src); c->status[i].predictor = bytestream_get_le32(&src);
@ -1037,11 +1037,11 @@ static int adpcm_decode_frame(AVCodecContext *avctx, void *data,
case CODEC_ID_ADPCM_IMA_SMJPEG: case CODEC_ID_ADPCM_IMA_SMJPEG:
if (avctx->codec->id == CODEC_ID_ADPCM_IMA_AMV) { if (avctx->codec->id == CODEC_ID_ADPCM_IMA_AMV) {
c->status[0].predictor = sign_extend(bytestream_get_le16(&src), 16); c->status[0].predictor = sign_extend(bytestream_get_le16(&src), 16);
c->status[0].step_index = bytestream_get_le16(&src); c->status[0].step_index = av_clip(bytestream_get_le16(&src), 0, 88);
src += 4; src += 4;
} else { } else {
c->status[0].predictor = sign_extend(bytestream_get_be16(&src), 16); c->status[0].predictor = sign_extend(bytestream_get_be16(&src), 16);
c->status[0].step_index = bytestream_get_byte(&src); c->status[0].step_index = av_clip(bytestream_get_byte(&src), 0, 88);
src += 1; src += 1;
} }