Codebase list faad2 / 19b81b0
Merge pull request #36 from hlef/master mp4read/sbr_fbt: security bug fixes Fabian Greffrath authored 4 years ago GitHub committed 4 years ago
4 changed file(s) with 24 addition(s) and 10 deletion(s). Raw diff Collapse all Expand all
+6
-1
frontend/main.c less more
914914
915915 sample_buffer = NeAACDecDecode(hDecoder, &frameInfo, mp4config.bitbuf.data, mp4config.bitbuf.size);
916916
917 if (!sample_buffer) {
918 /* unable to decode file, abort */
919 break;
920 }
921
917922 if (adts_out == 1)
918923 {
919924 adtsData = MakeAdtsHeader(&adtsDataSize, &frameInfo, 0);
13641369 #else
13651370 return faad_main(argc, argv);
13661371 #endif
1367 }
1372 }
+14
-7
frontend/mp4read.c less more
796796 {
797797 long apos = ftell(g_fin);
798798 uint32_t atomsize;
799 int err;
799 creator_t *old_atom = g_atom;
800 int err, ret = sizemax;
800801
801802 static creator_t mvhd[] = {
802803 {ATOM_NAME, "mvhd"},
840841
841842 g_atom = mvhd;
842843 atomsize = sizemax + apos - ftell(g_fin);
843 if (parse(&atomsize) < 0)
844 return ERR_FAIL;
844 if (parse(&atomsize) < 0) {
845 g_atom = old_atom;
846 return ERR_FAIL;
847 }
848
845849 fseek(g_fin, apos, SEEK_SET);
846850
847851 while (1)
855859 err = parse(&atomsize);
856860 //fprintf(stderr, "SIZE: %x/%x\n", atomsize, sizemax);
857861 if (err >= 0)
858 return sizemax;
859 if (err != ERR_UNSUPPORTED)
860 return err;
862 break;
863 if (err != ERR_UNSUPPORTED) {
864 ret = err;
865 break;
866 }
861867 //fprintf(stderr, "UNSUPP\n");
862868 }
863869
864 return sizemax;
870 g_atom = old_atom;
871 return ret;
865872 }
866873
867874
+2
-0
libfaad/sbr_fbt.c less more
525525 }
526526
527527 sbr->M = sbr->f_table_res[HI_RES][sbr->N_high] - sbr->f_table_res[HI_RES][0];
528 if (sbr->M > MAX_M)
529 return 1;
528530 sbr->kx = sbr->f_table_res[HI_RES][0];
529531 if (sbr->kx > 32)
530532 return 1;
+2
-2
libfaad/sbr_syntax.c less more
195195 /* if an error occured with the new header values revert to the old ones */
196196 if (rt > 0)
197197 {
198 calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq,
198 result += calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq,
199199 saved_samplerate_mode, saved_freq_scale,
200200 saved_alter_scale, saved_xover_band);
201201 }
214214 if ((result > 0) &&
215215 (sbr->Reset || (sbr->bs_header_flag && sbr->just_seeked)))
216216 {
217 calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq,
217 result += calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq,
218218 saved_samplerate_mode, saved_freq_scale,
219219 saved_alter_scale, saved_xover_band);
220220 }