shithub: opus

Download patch

ref: f6066df2b9f8231ba3d5df27962e05cb658aac1f
parent: ca6fac041bc6ffe4a8b21eb6ee429dd32d803764
author: Jean-Marc Valin <[email protected]>
date: Mon Nov 11 08:06:54 EST 2013 

More size-zero VLA fixes and making opus_decode* return BAD_ARG on framesize<0


--- a/celt/quant_bands.c
+++ b/celt/quant_bands.c
@@ -312,6 +312,7 @@
       opus_int32 tell_intra;
       opus_uint32 nstart_bytes;
       opus_uint32 nintra_bytes;
+      opus_uint32 save_bytes;
       int badness2;
       VARDECL(unsigned char, intra_bits);
 
@@ -322,7 +323,8 @@
       nstart_bytes = ec_range_bytes(&enc_start_state);
       nintra_bytes = ec_range_bytes(&enc_intra_state);
       intra_buf = ec_get_buffer(&enc_intra_state) + nstart_bytes;
-      ALLOC(intra_bits, nintra_bytes-nstart_bytes, unsigned char);
+      save_bytes = IMAX(ALLOC_NONE, nintra_bytes-nstart_bytes);
+      ALLOC(intra_bits, save_bytes, unsigned char);
       /* Copy bits from intra bit-stream */
       OPUS_COPY(intra_bits, intra_buf, nintra_bytes - nstart_bytes);
 
--- a/silk/fixed/pitch_analysis_core_FIX.c
+++ b/silk/fixed/pitch_analysis_core_FIX.c
@@ -465,7 +465,7 @@
         /***************************************************************************/
         /* find scaling as max scaling for each subframe */
         silk_sum_sqr_shift( &energy, &shift, frame, frame_length );
-        ALLOC( scratch_mem, shift > 0 ? frame_length : 0, opus_int16 );
+        ALLOC( scratch_mem, shift > 0 ? frame_length : ALLOC_NONE, opus_int16 );
         if( shift > 0 ) {
             /* Move signal to scratch mem because the input signal should be unchanged */
             shift = silk_RSHIFT( shift, 1 );
--- a/src/opus_decoder.c
+++ b/src/opus_decoder.c
@@ -444,7 +444,7 @@
    if (redundancy)
    {
       transition = 0;
-      pcm_transition_silk_size=0;
+      pcm_transition_silk_size=ALLOC_NONE;
    }
 
    ALLOC(pcm_transition_silk, pcm_transition_silk_size, opus_val16);
@@ -456,7 +456,7 @@
    }
 
    /* Only allocation memory for redundancy if/when needed */
-   redundant_audio_size = redundancy ? F5*st->channels : 0;
+   redundant_audio_size = redundancy ? F5*st->channels : ALLOC_NONE;
    ALLOC(redundant_audio, redundant_audio_size, opus_val16);
 
    /* 5 ms redundant frame for CELT->SILK*/
@@ -701,6 +701,11 @@
 int opus_decode(OpusDecoder *st, const unsigned char *data,
       opus_int32 len, opus_val16 *pcm, int frame_size, int decode_fec)
 {
+   if(frame_size<=0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    return opus_decode_native(st, data, len, pcm, frame_size, decode_fec, 0, NULL, 0);
 }
 
@@ -712,6 +717,11 @@
    int ret, i;
    ALLOC_STACK;
 
+   if(frame_size<=0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    ALLOC(out, frame_size*st->channels, opus_int16);
 
    ret = opus_decode_native(st, data, len, out, frame_size, decode_fec, 0, NULL, 0);
@@ -734,7 +744,7 @@
    int ret, i;
    ALLOC_STACK;
 
-   if(frame_size<0)
+   if(frame_size<=0)
    {
       RESTORE_STACK;
       return OPUS_BAD_ARG;
@@ -755,6 +765,11 @@
 int opus_decode_float(OpusDecoder *st, const unsigned char *data,
       opus_int32 len, opus_val16 *pcm, int frame_size, int decode_fec)
 {
+   if(frame_size<=0)
+   {
+      RESTORE_STACK;
+      return OPUS_BAD_ARG;
+   }
    return opus_decode_native(st, data, len, pcm, frame_size, decode_fec, 0, NULL, 0);
 }