From e0168e3b9c4d7366c10ce8a78406b6270b511390 Mon Sep 17 00:00:00 2001
From: Michael Niedermayer
Date: Fri, 18 Jul 2008 12:03:21 +0000
Subject: Support reading large metadata. fixes issue187

Originally committed as revision 14281 to svn://svn.ffmpeg.org/ffmpeg/trunk
---
 libavcodec/flac.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
(limited to 'libavcodec/flac.c')
diff --git a/libavcodec/flac.c b/libavcodec/flac.c
index 2d65c11922..fc1e0ec0e4 100644
--- a/libavcodec/flac.c
+++ b/libavcodec/flac.c
@@ -181,6 +181,7 @@ void ff_flac_parse_streaminfo(AVCodecContext *avctx, struct FLACStreaminfo *s,
 static int metadata_parse(FLACContext *s)
 {
 int i, metadata_last, metadata_type, metadata_size, streaminfo_updated=0;
+ int initial_pos= get_bits_count(&s->gb);
 if (show_bits_long(&s->gb, 32) == MKBETAG('f','L','a','C')) {
 skip_bits(&s->gb, 32);
@@ -191,6 +192,11 @@ static int metadata_parse(FLACContext *s)
 metadata_type = get_bits(&s->gb, 7);
 metadata_size = get_bits_long(&s->gb, 24);
+ if(get_bits_count(&s->gb) + 8*metadata_size > s->gb.size_in_bits){
+ skip_bits_long(&s->gb, initial_pos - get_bits_count(&s->gb));
+ break;
+ }
+
 av_log(s->avctx, AV_LOG_DEBUG, " metadata block: flag = %d, type = %d, size = %d\n", metadata_last, metadata_type, metadata_size);
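Review bot: The new truncation branch in metadata_parse rewinds by passing a negative count, `initial_pos - get_bits_count(&s->gb)`, to skip_bits_long and then leaves the loop with no comment or log line, so nothing marks it as a deliberate "wait for more input" path. It depends on skip_bits_long accepting negative counts, which is not visible here and should be confirmed for every bitstream-reader variant this file can be built with. I would add a comment above the branch such as `/* block runs past the buffered data: rewind to initial_pos so the caller can retry once more input has been appended */`. Because initial_pos is captured in the first hunk before the 'fLaC' marker is skipped, blocks already parsed in this pass are parsed again on the retry. The rest of the function is outside the hunk, so it cannot be checked from here whether its return value lets the caller tell a rewound parse from a completed one.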
@@ -612,9 +618,16 @@ static int flac_decode_frame(AVCodecContext *avctx,
 }
 if(1 && s->max_framesize){//FIXME truncated
- buf_size= FFMAX(FFMIN(buf_size, s->max_framesize - s->bitstream_size), 0);
+ if(s->bitstream_size < 4 || AV_RL32(s->bitstream) != MKTAG('f','L','a','C'))
+ buf_size= FFMIN(buf_size, s->max_framesize - FFMIN(s->bitstream_size, s->max_framesize));
 input_buf_size= buf_size;
+ if(s->bitstream_size + buf_size < buf_size || s->bitstream_index + s->bitstream_size + buf_size < s->bitstream_index)
+ return -1;
+
+ if(s->allocated_bitstream_size < s->bitstream_size + buf_size)
+ s->bitstream= av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->bitstream_size + buf_size);
+
 if(s->bitstream_index + s->bitstream_size + buf_size > s->allocated_bitstream_size){
 // printf("memmove\n");
 memmove(s->bitstream, &s->bitstream[s->bitstream_index], s->bitstream_size);
-- cgit v1.2.3
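Review bot: The result of av_fast_realloc() is assigned straight back to `s->bitstream` with no NULL check, so an allocation failure loses the only pointer to the old buffer and later uses, such as the memmove just below, would go through a null pointer. Since a buffer that starts with 'fLaC' now skips the max_framesize clamp, the requested size is driven by the input, so a large metadata section can reach this failure path. Assign through a temporary instead: `void *tmp = av_fast_realloc(s->bitstream, &s->allocated_bitstream_size, s->bitstream_size + buf_size);` `if(!tmp) return -1;` `s->bitstream = tmp;`. Separately, the wrap test `s->bitstream_size + buf_size < buf_size` is only reliable for unsigned operands; if these fields are signed int (their declarations are outside the hunk), the overflow is undefined and the compiler may drop the test, so checking `s->bitstream_size > INT_MAX - buf_size` before adding would be safer. The body of flac_decode_frame continues outside the hunk.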