Merge pull request #36 from hlef/master
mp4read/sbr_fbt: security bug fixes
Fabian Greffrath authored 4 years ago
GitHub committed 4 years ago
914 | 914 | |
915 | 915 | sample_buffer = NeAACDecDecode(hDecoder, &frameInfo, mp4config.bitbuf.data, mp4config.bitbuf.size); |
916 | 916 | |
917 | if (!sample_buffer) { | |
918 | /* unable to decode file, abort */ | |
919 | break; | |
920 | } | |
921 | ||
917 | 922 | if (adts_out == 1) |
918 | 923 | { |
919 | 924 | adtsData = MakeAdtsHeader(&adtsDataSize, &frameInfo, 0); |
1364 | 1369 | #else |
1365 | 1370 | return faad_main(argc, argv); |
1366 | 1371 | #endif |
1367 | }⏎ | |
1372 | } |
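Review bot: The new `if (!sample_buffer)` guard after `NeAACDecDecode` leaves the loop silently. Its comment says the file cannot be decoded, yet nothing is reported and `frameInfo.error` is not consulted in the visible lines. Consider printing the reason before the `break`, for example `fprintf(stderr, "Error: %s\n", NeAACDecGetErrorMessage(frameInfo.error));`, unless code after the loop (not shown here) already does so. It is also worth confirming that a NULL return always means a fatal error rather than a frame with no output, since the `break` ends decoding of the whole file. The enclosing loop and function start and end outside the visible lines.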
796 | 796 | { |
797 | 797 | long apos = ftell(g_fin); |
798 | 798 | uint32_t atomsize; |
799 | int err; | |
799 | creator_t *old_atom = g_atom; | |
800 | int err, ret = sizemax; | |
800 | 801 | |
801 | 802 | static creator_t mvhd[] = { |
802 | 803 | {ATOM_NAME, "mvhd"}, |
840 | 841 | |
841 | 842 | g_atom = mvhd; |
842 | 843 | atomsize = sizemax + apos - ftell(g_fin); |
843 | if (parse(&atomsize) < 0) | |
844 | return ERR_FAIL; | |
844 | if (parse(&atomsize) < 0) { | |
845 | g_atom = old_atom; | |
846 | return ERR_FAIL; | |
847 | } | |
848 | ||
845 | 849 | fseek(g_fin, apos, SEEK_SET); |
846 | 850 | |
847 | 851 | while (1) |
855 | 859 | err = parse(&atomsize); |
856 | 860 | //fprintf(stderr, "SIZE: %x/%x\n", atomsize, sizemax); |
857 | 861 | if (err >= 0) |
858 | return sizemax; | |
859 | if (err != ERR_UNSUPPORTED) | |
860 | return err; | |
862 | break; | |
863 | if (err != ERR_UNSUPPORTED) { | |
864 | ret = err; | |
865 | break; | |
866 | } | |
861 | 867 | //fprintf(stderr, "UNSUPP\n"); |
862 | 868 | } |
863 | 869 | |
864 | return sizemax; | |
870 | g_atom = old_atom; | |
871 | return ret; | |
865 | 872 | } |
866 | 873 | |
867 | 874 |
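Review bot: The restore of the global `g_atom` is now written out at two separate exits, the `ERR_FAIL` path after the first `parse()` and the end of the function, so any return added later must remember to repeat it. A single exit would be harder to break: `if (parse(&atomsize) < 0) { ret = ERR_FAIL; goto out; }` with `out: g_atom = old_atom; return ret;` at the end. A comment at the save would record why it exists, for instance `/* g_atom is global parser state; hand the caller's table back on every exit */`. Part of the `while` body and the function header are not shown in this section, so any other exits there could not be checked.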
525 | 525 | } |
526 | 526 | |
527 | 527 | sbr->M = sbr->f_table_res[HI_RES][sbr->N_high] - sbr->f_table_res[HI_RES][0]; |
528 | if (sbr->M > MAX_M) | |
529 | return 1; | |
528 | 530 | sbr->kx = sbr->f_table_res[HI_RES][0]; |
529 | 531 | if (sbr->kx > 32) |
530 | 532 | return 1; |
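Review bot: The `MAX_M` check runs after the value has already been stored in `sbr->M`, so on the `return 1` path the structure keeps the out-of-range count. Anything that reads `sbr->M` before a later successful recalculation would still see it, presumably as a loop bound or array index. Computing the difference into a local, rejecting it, and only then assigning `sbr->M` would keep the stored state valid on failure. The existing `sbr->kx > 32` check just below has the same store-then-validate shape. If the table entries are not guaranteed to be ascending, the subtraction can also wrap before the comparison, so an explicit ordering check would be a useful companion. The function body starts and continues outside these lines.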
195 | 195 | /* if an error occured with the new header values revert to the old ones */ |
196 | 196 | if (rt > 0) |
197 | 197 | { |
198 | calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq, | |
198 | result += calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq, | |
199 | 199 | saved_samplerate_mode, saved_freq_scale, |
200 | 200 | saved_alter_scale, saved_xover_band); |
201 | 201 | } |
214 | 214 | if ((result > 0) && |
215 | 215 | (sbr->Reset || (sbr->bs_header_flag && sbr->just_seeked))) |
216 | 216 | { |
217 | calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq, | |
217 | result += calc_sbr_tables(sbr, saved_start_freq, saved_stop_freq, | |
218 | 218 | saved_samplerate_mode, saved_freq_scale, |
219 | 219 | saved_alter_scale, saved_xover_band); |
220 | 220 | } |
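Review bot: With `result += calc_sbr_tables(...)`, `result` becomes a sum of return codes rather than one status, and nothing here says what a caller should do when the revert itself fails. Both revert sites (under `if (rt > 0)` and under `if ((result > 0) && ...)`) would benefit from a comment such as `/* the saved header values can be invalid too; a non-zero result means the SBR tables must not be used */`. If callers only test for non-zero, `if (calc_sbr_tables(...) > 0) result = 1;` states the intent more directly and avoids any wrap should `result` be a narrow unsigned type. Whether callers actually stop using the tables on a non-zero result cannot be confirmed from the visible lines.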