From 7f4e432148779b338a6199f50eb70845c78fd060 Mon Sep 17 00:00:00 2001
From: Michael Chinen <mchinen@gmail.com>
Date: Tue, 7 Dec 2010 13:42:52 +0000
Subject: Check validity of the frame sync code in
 ff_flac_decode_frame_header(). Patch by Michael Chinen [mchinen at gmail]

Originally committed as revision 25910 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/flac.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'libavcodec/flac.c')

diff --git a/libavcodec/flac.c b/libavcodec/flac.c
index f6b65ce5e9..2e3197f483 100644
--- a/libavcodec/flac.c
+++ b/libavcodec/flac.c
@@ -38,7 +38,13 @@ int ff_flac_decode_frame_header(AVCodecContext *avctx, GetBitContext *gb,
     int bs_code, sr_code, bps_code;
 
     /* frame sync code */
-    skip_bits(gb, 16);
+    if ((get_bits(gb, 15) & 0x7FFF) != 0x7FFC) {
+        av_log(avctx, AV_LOG_ERROR, "invalid sync code\n");
+        return -1;
+    }
+
+    /* variable block size stream code */
+    skip_bits1(gb);
 
     /* block size and sample rate codes */
     bs_code = get_bits(gb, 4);
-- 
cgit v1.2.3