Commit 67e3345a authored by alexc's avatar alexc

Prevent AAC frame size overflows.


git-svn-id: file:///var/local/repositories/ffmpeg/trunk@19381 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
parent 4e432bcb
...@@ -540,6 +540,8 @@ static int aac_encode_frame(AVCodecContext *avctx, ...@@ -540,6 +540,8 @@ static int aac_encode_frame(AVCodecContext *avctx,
} }
start_ch += chans; start_ch += chans;
} }
do {
int frame_bits;
init_put_bits(&s->pb, frame, buf_size*8); init_put_bits(&s->pb, frame, buf_size*8);
if ((avctx->frame_number & 0xFF)==1 && !(avctx->flags & CODEC_FLAG_BITEXACT)) if ((avctx->frame_number & 0xFF)==1 && !(avctx->flags & CODEC_FLAG_BITEXACT))
put_bitstream_info(avctx, s, LIBAVCODEC_IDENT); put_bitstream_info(avctx, s, LIBAVCODEC_IDENT);
...@@ -586,6 +588,14 @@ static int aac_encode_frame(AVCodecContext *avctx, ...@@ -586,6 +588,14 @@ static int aac_encode_frame(AVCodecContext *avctx,
start_ch += chans; start_ch += chans;
} }
frame_bits = put_bits_count(&s->pb);
if (frame_bits <= 6144 * avctx->channels - 3)
break;
s->lambda *= avctx->bit_rate * 1024.0f / avctx->sample_rate / frame_bits;
} while (1);
put_bits(&s->pb, 3, TYPE_END); put_bits(&s->pb, 3, TYPE_END);
flush_put_bits(&s->pb); flush_put_bits(&s->pb);
avctx->frame_bits = put_bits_count(&s->pb); avctx->frame_bits = put_bits_count(&s->pb);
...@@ -597,10 +607,6 @@ static int aac_encode_frame(AVCodecContext *avctx, ...@@ -597,10 +607,6 @@ static int aac_encode_frame(AVCodecContext *avctx,
s->lambda = fminf(s->lambda, 65536.f); s->lambda = fminf(s->lambda, 65536.f);
} }
if (avctx->frame_bits > 6144*avctx->channels)
av_log(avctx, AV_LOG_ERROR, "input buffer violation %d > %d.\n",
avctx->frame_bits, 6144*avctx->channels);
if (!data) if (!data)
s->last_frame = 1; s->last_frame = 1;
memcpy(s->samples, s->samples + 1024 * avctx->channels, memcpy(s->samples, s->samples + 1024 * avctx->channels,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment