avcodec: fix aac/ac3 parser bitstream buffer size

Buffers containing copies of the AAC and AC3 header bits were not padded before parsing, violating init_get_bits() buffer padding requirement, leading to potential buffer read overflows. This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer for parsing the header in each of aac_parser.c and ac3_parser.c. Based on patch by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>

avcodec: fix aac/ac3 parser bitstream buffer size
Buffers containing copies of the AAC and AC3 header bits were not padded before parsing, violating init_get_bits() buffer padding requirement, leading to potential buffer read overflows. This change adds FF_INPUT_BUFFER_PADDING_SIZE bytes to the bit buffer for parsing the header in each of aac_parser.c and ac3_parser.c. Based on patch by: Matt Wolenetz <wolenetz@chromium.org> Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
fccd85b9 · Michael Niedermayer · b3d6543c · fccd85b9 · fccd85b9
Commit fccd85b9 authored Aug 21, 2014 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 2 deletions

aac_parser.c libavcodec/aac_parser.c +1 -1

ac3_parser.c libavcodec/ac3_parser.c +1 -1

No files found.
--- a/libavcodec/aac_parser.c
+++ b/libavcodec/aac_parser.c
@@ -34,7 +34,7 @@ static int aac_sync(uint64_t state, AACAC3ParseContext *hdr_info,
    int size;
    union {
        uint64_t u64;
-        uint8_t  u8[8];
+        uint8_t  u8[8 + FF_INPUT_BUFFER_PADDING_SIZE];
    } tmp;

    tmp.u64 = av_be2ne64(state);

--- a/libavcodec/ac3_parser.c
+++ b/libavcodec/ac3_parser.c
@@ -166,7 +166,7 @@ static int ac3_sync(uint64_t state, AACAC3ParseContext *hdr_info,
    int err;
    union {
        uint64_t u64;
-        uint8_t  u8[8];
+        uint8_t  u8[8 + FF_INPUT_BUFFER_PADDING_SIZE];
    } tmp = { av_be2ne64(state) };
    AC3HeaderInfo hdr, *phdr = &hdr;
    GetBitContext gbc;