Commit | Line | Data |
---|---|---|
aac6c53a MW |
1 | Copied from Debian. |
2 | ||
3 | From: Kurt Roeckx <kurt@roeckx.be> | |
4 | Date: Sun, 28 Jan 2018 15:44:08 +0100 | |
5 | Subject: Check the size of the main data | |
6 | ||
7 | The main data to decode a frame can come from the current frame and part of the | |
8 | previous frame, the so called bit reservoir. si.main_data_begin is the part of | |
9 | the previous frame we need for this frame. frame_space is the amount of main | |
10 | data that can be in this frame, and next_md_begin is the part of this frame that | |
11 | is going to be used for the next frame. | |
12 | ||
13 | The maximum amount of data from a previous frame that the format allows is 511 | |
14 | bytes. The maximum frame size for the defined bitrates is at MPEG 2.5 layer 2 | |
15 | at 320 kbit/s and 8 kHz sample rate which gives 72 * (320000 / 8000) + 1 = 2881. | |
16 | So those defines are not large enough: | |
17 | # define MAD_BUFFER_GUARD 8 | |
18 | # define MAD_BUFFER_MDLEN (511 + 2048 + MAD_BUFFER_GUARD) | |
19 | ||
20 | There is also support for a "free" bitrate which allows you to create any frame | |
21 | size, which can be larger than the buffer. | |
22 | ||
23 | Changing the defines is not an option since it's part of the ABI, so we check | |
24 | that the main data fits in the bufer. | |
25 | ||
26 | The previous frame data is stored in *stream->main_data and contains | |
27 | stream->md_len bytes. If stream->md_len is larger than the data we | |
28 | need from the previous frame (si.main_data_begin) it still wouldn't fit | |
29 | in the buffer, so just keep the data that we need. | |
30 | ||
31 | Index: libmad-0.15.1b/layer3.c | |
32 | =================================================================== | |
33 | --- libmad-0.15.1b.orig/layer3.c | |
34 | +++ libmad-0.15.1b/layer3.c | |
35 | @@ -2608,6 +2608,11 @@ int mad_layer_III(struct mad_stream *str | |
36 | next_md_begin = 0; | |
37 | ||
38 | md_len = si.main_data_begin + frame_space - next_md_begin; | |
39 | + if (md_len + MAD_BUFFER_GUARD > MAD_BUFFER_MDLEN) { | |
40 | + stream->error = MAD_ERROR_LOSTSYNC; | |
41 | + stream->sync = 0; | |
42 | + return -1; | |
43 | + } | |
44 | ||
45 | frame_used = 0; | |
46 | ||
47 | @@ -2625,8 +2630,11 @@ int mad_layer_III(struct mad_stream *str | |
48 | } | |
49 | } | |
50 | else { | |
51 | - mad_bit_init(&ptr, | |
52 | - *stream->main_data + stream->md_len - si.main_data_begin); | |
53 | + memmove(stream->main_data, | |
54 | + *stream->main_data + stream->md_len - si.main_data_begin, | |
55 | + si.main_data_begin); | |
56 | + stream->md_len = si.main_data_begin; | |
57 | + mad_bit_init(&ptr, *stream->main_data); | |
58 | ||
59 | if (md_len > si.main_data_begin) { | |
60 | assert(stream->md_len + md_len - |