From patchwork Sat Jul 7 20:29:11 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Karsten Otto X-Patchwork-Id: 9646 Delivered-To: ffmpegpatchwork@gmail.com Received: by 2002:a02:104:0:0:0:0:0 with SMTP id c4-v6csp956030jad; Sat, 7 Jul 2018 13:29:22 -0700 (PDT) X-Google-Smtp-Source: AAOMgpdn8s1V5iYEQtuYWzyqUUblN2ssg53yqDqihoFSCsrU+kOUG1krsc4k0LSDTqd7ktv573xv X-Received: by 2002:adf:a3d6:: with SMTP id m22-v6mr11192838wrb.1.1530995362099; Sat, 07 Jul 2018 13:29:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1530995362; cv=none; d=google.com; s=arc-20160816; b=e3doUDp0jFskTGn/e/xBSftjN1sFZGsGJTHQhYypSnwCmA+Gsw5aViBwk3BYdPeVkY HgnswuxRgZwOsYR5wI1RAgdOULQUGcSFMcKB5JPvXMT9r28iDlZbmJeogyr0D3jhhaV+ Bz1xGUaJ5vvaCIEe6Q/kPPHawlx5vECfK0lfh6YwA7gPMC1ywv1I2GGJ7kdXfwGOhp6f I0mLgdmuR0GQEzWuXL52/UTDOVIOj4O6bevrKlW/aFupED9GN1n2iocvPB2b767wcxAj bsvCQbhdj1p9BUX9y+WNt+TpsElqMKkk00J6S+noP4dV50269qnbv8ugmLCPPNsxDwEz Y7Gw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:reply-to :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to:arc-authentication-results; bh=s5wtkJvZP8ktmGjvg3OMHeL+evoB30mvn3WQEo+yBus=; b=0JpajhecEZJS66+Q9UOPimX7BGZLG7mu4eX6C3AXSK6eOrVx//693gFSszKcrfcUj6 hX7lTolN81PL8oDzNDN9ZWhYXP716YTPo6ldaVK85zs+tZmy6So+Wm713rs3HtWYE5tX b8dJluXRtPNEH20qZy7LX0a45hLuwRgZUxCIxeXPyn20rEPK6QxuQAQuzR1J7J3qRNi9 7d0d+JGEkzN7IkXMplNbykCdmuNI+ltP97uRHVdiPSDkJt7QuVQRsu34gamtJxAp5SZa o2DahaV1bVcYDoX+Tes8o4O5oagJPuBcalWfX/QsuqytUQXQ6WyiIWPmjyknraWSFSTz jBiQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@posteo.de header.s=2017 header.b=qC33HJ0k; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=posteo.de Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org. [79.124.17.100]) by mx.google.com with ESMTP id j190-v6si9186409wmf.202.2018.07.07.13.29.21; Sat, 07 Jul 2018 13:29:22 -0700 (PDT) Received-SPF: pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) client-ip=79.124.17.100; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@posteo.de header.s=2017 header.b=qC33HJ0k; spf=pass (google.com: domain of ffmpeg-devel-bounces@ffmpeg.org designates 79.124.17.100 as permitted sender) smtp.mailfrom=ffmpeg-devel-bounces@ffmpeg.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=posteo.de Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 76549689C54; Sat, 7 Jul 2018 23:29:13 +0300 (EEST) X-Original-To: ffmpeg-devel@ffmpeg.org Delivered-To: ffmpeg-devel@ffmpeg.org Received: from mout01.posteo.de (mout01.posteo.de [185.67.36.65]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id BC6F968996D for ; Sat, 7 Jul 2018 23:29:06 +0300 (EEST) Received: from submission (posteo.de [89.146.220.130]) by mout01.posteo.de (Postfix) with ESMTPS id 2ECF720DCF for ; Sat, 7 Jul 2018 22:29:12 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1530995352; bh=bsdj6xHq/t08QqGL36w+XVLdsk2KIysKhi33jt+zAuM=; h=From:To:Subject:Date:From; b=qC33HJ0keBHHATqbanl1c7lOX0ynVARc3j/Nt/FDDJT6ZC1LJIl+mm9uENLnr2MDc 4tmWhLTPx7hOFv8I8ZARGs1piOGrAwuMB9Ju0xKRNNOiyTA8+/pyex2ay+YmLru2T1 uNk1PmYEGAjnrlqWY/SnCL02CNuaFxlvfIml7lk7xghidAfMzuYEmCOf++TP2k6M7m uQ+Sijaqn6OCepXYJqyI0uIpz5/bRmYznJ6O0df/imsUBbDCr4caLZFkPPOLKfUqiR BtPbZeVc6iyuzg11VAnI/YH1NBvqKkPuanMWccL1o9p34zgdtlF96R6OC3Be+yQfoK Dg7uAd/VyzHcQ== Received: from customer (localhost [127.0.0.1]) by submission (posteo.de) with ESMTPSA id 41NNVH4JsXz9rxG for ; Sat, 7 Jul 2018 22:29:11 +0200 (CEST) From: Karsten Otto To: ffmpeg-devel@ffmpeg.org Date: Sat, 7 Jul 2018 22:29:11 +0200 Message-Id: <20180707202911.39315-1-ottoka@posteo.de> X-Mailer: git-send-email 2.14.3 (Apple Git-98) Subject: [FFmpeg-devel] [PATCH] libavcodec/mpegaudiodecheader.c : prevent reserved id misinterpretation X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches MIME-Version: 1.0 Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Check the MPEG version ID for the reserved bit pattern 01, and abort header parsing in that case. This reduces the chance of misinterpreting arbitrary data as a valid frame start, and prevents the resulting audio artifacts. --- libavcodec/mpegaudiodecheader.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libavcodec/mpegaudiodecheader.c b/libavcodec/mpegaudiodecheader.c index 6cc79f18b5..23029f186a 100644 --- a/libavcodec/mpegaudiodecheader.c +++ b/libavcodec/mpegaudiodecheader.c @@ -46,10 +46,11 @@ int avpriv_mpegaudio_decode_header(MPADecodeHeader *s, uint32_t header) if (header & (1<<20)) { s->lsf = (header & (1<<19)) ? 0 : 1; mpeg25 = 0; - } else { + } else if (!(header & (1<<19))) { s->lsf = 1; mpeg25 = 1; - } + } else + return -1; // reserved id s->layer = 4 - ((header >> 17) & 3); /* extract frequency */