fenix/fdk-aac
1
0
Fork 0
mirror of https://github.com/mstorsjo/fdk-aac.git synced 2025-02-25 23:17:39 +01:00
Code Issues Projects Releases Wiki Activity

Add checks to avoid overreading supplied buffers and fix issue #61.

Browse Source
This commit is contained in:
Robert Kausch 2017-04-23 21:31:36 +02:00 committed by Martin Storsjo
parent 3aa26e273e
commit fdc8fe94a6
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
libFDK/src/FDK_bitbuffer.cpp
View File

@ -157,6 +157,8 @@ void FDK_ResetBitBuffer(HANDLE_FDK_BITBUF hBitBuf) {
#ifndef FUNCTION_FDK_get #ifndef FUNCTION_FDK_get
INT FDK_get(HANDLE_FDK_BITBUF hBitBuf, const UINT numberOfBits) { INT FDK_get(HANDLE_FDK_BITBUF hBitBuf, const UINT numberOfBits) {
if (numberOfBits == 0 || numberOfBits > hBitBuf->ValidBits) return 0;
UINT byteOffset = hBitBuf->BitNdx >> 3; UINT byteOffset = hBitBuf->BitNdx >> 3;
UINT bitOffset = hBitBuf->BitNdx & 0x07; UINT bitOffset = hBitBuf->BitNdx & 0x07;
@ -166,15 +168,12 @@ INT FDK_get(HANDLE_FDK_BITBUF hBitBuf, const UINT numberOfBits) {
UINT byteMask = hBitBuf->bufSize - 1; UINT byteMask = hBitBuf->bufSize - 1;
UINT tx = (hBitBuf->Buffer[byteOffset & byteMask] << 24) | UINT tx = hBitBuf->Buffer [ byteOffset & byteMask] << 24 << bitOffset;
(hBitBuf->Buffer[(byteOffset + 1) & byteMask] << 16) |
(hBitBuf->Buffer[(byteOffset + 2) & byteMask] << 8) |
hBitBuf->Buffer[(byteOffset + 3) & byteMask];
if (bitOffset) { if (numberOfBits + bitOffset > 8) tx |= hBitBuf->Buffer [(byteOffset+1) & byteMask] << 16 << bitOffset;
tx <<= bitOffset; if (numberOfBits + bitOffset > 16) tx |= hBitBuf->Buffer [(byteOffset+2) & byteMask] << 8 << bitOffset;
tx |= hBitBuf->Buffer[(byteOffset + 4) & byteMask] >> (8 - bitOffset); if (numberOfBits + bitOffset > 24) tx |= hBitBuf->Buffer [(byteOffset+3) & byteMask] << bitOffset;
} if (numberOfBits + bitOffset > 32) tx |= hBitBuf->Buffer [(byteOffset+4) & byteMask] >> (8 - bitOffset);
return (tx >> (32 - numberOfBits)); return (tx >> (32 - numberOfBits));
} }
@ -182,6 +181,8 @@ INT FDK_get(HANDLE_FDK_BITBUF hBitBuf, const UINT numberOfBits) {
#ifndef FUNCTION_FDK_get32 #ifndef FUNCTION_FDK_get32
INT FDK_get32(HANDLE_FDK_BITBUF hBitBuf) { INT FDK_get32(HANDLE_FDK_BITBUF hBitBuf) {
if (hBitBuf->ValidBits < 32) return 0;
UINT BitNdx = hBitBuf->BitNdx + 32; UINT BitNdx = hBitBuf->BitNdx + 32;
hBitBuf->BitNdx = BitNdx & (hBitBuf->bufBits - 1); hBitBuf->BitNdx = BitNdx & (hBitBuf->bufBits - 1);
hBitBuf->BitCnt += 32; hBitBuf->BitCnt += 32;