From: Andre <maan@p133.(none)>
Date: Tue, 9 May 2006 22:41:15 +0000 (+0200)
Subject: aacdec: Do not try to feed invalid buffers to libfaad
X-Git-Tag: v0.2.14~144
X-Git-Url: http://git.tuebingen.mpg.de/?p=paraslash.git;a=commitdiff_plain;h=fa54361d9eb07f22cbe6a59faa6321700b807f49;ds=sidebyside

aacdec: Do not try to feed invalid buffers to libfaad

Valid entry points start with 0x21, so look for the next 0x21
and skip everything in between.
---

diff --git a/aacdec.c b/aacdec.c
index e69840cd..3963bbc7 100644
--- a/aacdec.c
+++ b/aacdec.c
@@ -208,25 +208,36 @@ static ssize_t mp4dec(char *inbuffer, size_t len, struct filter_node *fn)
 			ret = padd->consumed;
 			goto out;
 		}
-		PARA_INFO_LOG("consumed total: %lu, first_chunk: %d\n",
-			padd->consumed_total, padd->offset[0]);
+//		PARA_INFO_LOG("consumed total: %lu, first_chunk: %d\n",
+//			padd->consumed_total, padd->offset[0]);
 		ret = len;
 		if (padd->consumed_total + len < padd->offset[0])
 			goto out;
 		if (padd->consumed_total < padd->offset[0])
 			padd->consumed = padd->offset[0] - padd->consumed_total;
 	}
-	p = padd->inbuf + padd->consumed;
+	p = memchr(padd->inbuf + padd->consumed, 0x21,
+		padd->inbuf_len - padd->consumed);
+	if (!p) {
+		padd->consumed = padd->inbuf_len;
+		goto success;
+	}
+	if (p != padd->inbuf + padd->consumed) {
+		int skip = p - padd->inbuf + padd->consumed;
+		PARA_DEBUG_LOG("skipping %d bytes in inbuffer\n", skip);
+		padd->consumed += skip;
+	}
 	outbuffer = NeAACDecDecode(padd->decoder, &padd->frame_info, p,
 		len - padd->consumed);
-	PARA_INFO_LOG("frame_error: %d, consumed: %lu + %d + %lu\n",
-		padd->frame_info.error, padd->consumed_total,
-		padd->consumed, padd->frame_info.bytesconsumed);
 	ret = -E_AAC_DECODE;
 	if (padd->frame_info.error != 0) {
+		PARA_ERROR_LOG("frame_error: %d, consumed: %lu + %d + %lu\n",
+			padd->frame_info.error, padd->consumed_total,
+			padd->consumed, padd->frame_info.bytesconsumed);
 		PARA_ERROR_LOG("%s\n", NeAACDecGetErrorMessage(
 			padd->frame_info.error));
-		goto out;
+		padd->consumed++; /* catch 21 */
+		goto success;
 	}
 	padd->consumed += padd->frame_info.bytesconsumed;
 	ret = padd->consumed;
@@ -238,6 +249,7 @@ static ssize_t mp4dec(char *inbuffer, size_t len, struct filter_node *fn)
 		fn->buf[fn->loaded++] = s[i] & 0xff;
 		fn->buf[fn->loaded++] = (s[i] >> 8) & 0xff;
 	}
+success:
 	ret = padd->consumed;
 out:
 	if (ret > 0)