atrac3: Fix crash in tonal component decoding.
authorMichael Niedermayer <michaelni@gmx.at>
Sat, 17 Dec 2011 02:18:58 +0000 (03:18 +0100)
committerMichael Niedermayer <michaelni@gmx.at>
Thu, 12 Jan 2012 21:15:00 +0000 (22:15 +0100)
Fixes Ticket780
Bug Found by: cosminamironesei

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
(cherry picked from commit 9af6abdc17deb95c9b1f1d9242ba49b8b5e0b016)

Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/atrac3.c

index 81d25ec..22dfdfc 100644 (file)
@@ -454,6 +454,8 @@ static int decodeTonalComponents (GetBitContext *gb, tonal_component *pComponent
 
             for (k=0; k<coded_components; k++) {
                 sfIndx = get_bits(gb,6);
+                if(component_count>=64)
+                    return AVERROR_INVALIDDATA;
                 pComponent[component_count].pos = j * 64 + (get_bits(gb,6));
                 max_coded_values = 1024 - pComponent[component_count].pos;
                 coded_values = coded_values_per_component + 1;