From 4d570f94ba055d75f469aacadfccf0bdffcbae6c Mon Sep 17 00:00:00 2001 From: Michael Niedermayer Date: Sat, 13 Oct 2007 12:25:31 +0000 Subject: prevent infinite loop and memcpy of negative amounts fixes issue194 Originally committed as revision 10726 to svn://svn.ffmpeg.org/ffmpeg/trunk --- libavcodec/aac_parser.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'libavcodec/aac_parser.c') diff --git a/libavcodec/aac_parser.c b/libavcodec/aac_parser.c index d6cf2693fc..ac806931ec 100644 --- a/libavcodec/aac_parser.c +++ b/libavcodec/aac_parser.c @@ -67,6 +67,9 @@ static int aac_sync(const uint8_t *buf, int *channels, int *sample_rate, skip_bits1(&bits); /* copyright_identification_bit */ skip_bits1(&bits); /* copyright_identification_start */ size = get_bits(&bits, 13); /* aac_frame_length */ + if(size < AAC_HEADER_SIZE) + return 0; + skip_bits(&bits, 11); /* adts_buffer_fullness */ rdb = get_bits(&bits, 2); /* number_of_raw_data_blocks_in_frame */ -- cgit v1.2.3