[vlc-commits] [Git][videolan/vlc][3.0.x] 2 commits: demux: ogg: fix undefined shift in theora parsing
Steve Lhomme (@robUx4)
gitlab at videolan.org
Wed Dec 3 07:08:32 UTC 2025
Steve Lhomme pushed to branch 3.0.x at VideoLAN / VLC
Commits:
07fbef60 by Tristan Matthews at 2025-12-03T06:50:58+00:00
demux: ogg: fix undefined shift in theora parsing
We can skip the loop since i_granule_shift will always equal the 5-bit value read
from the header.
Fixes #29304
(cherry picked from commit aa26d90296d60833a281adbf31ae2d632e24311f)
- - - - -
b0cbff20 by Tristan Matthews at 2025-12-03T06:50:58+00:00
demux: ogg: fix int overflow when parsing daala header
(cherry picked from commit dda21a9cd95c78f40d8444543a934e945a0ce348)
- - - - -
1 changed file:
- modules/demux/ogg.c
Changes:
=====================================
modules/demux/ogg.c
=====================================
@@ -2643,7 +2643,6 @@ static bool Ogg_ReadTheoraHeader( logical_stream_t *p_stream,
bs_t bitstream;
unsigned int i_fps_numerator;
unsigned int i_fps_denominator;
- int i_keyframe_frequency_force;
int i_major;
int i_minor;
int i_subminor;
@@ -2682,16 +2681,8 @@ static bool Ogg_ReadTheoraHeader( logical_stream_t *p_stream,
p_stream->fmt.i_bitrate = bs_read( &bitstream, 24 );
bs_read( &bitstream, 6 ); /* quality */
- i_keyframe_frequency_force = 1 << bs_read( &bitstream, 5 );
-
/* granule_shift = i_log( frequency_force -1 ) */
- p_stream->i_granule_shift = 0;
- i_keyframe_frequency_force--;
- while( i_keyframe_frequency_force )
- {
- p_stream->i_granule_shift++;
- i_keyframe_frequency_force >>= 1;
- }
+ p_stream->i_granule_shift = bs_read( &bitstream, 5 );
i_version = i_major * 1000000 + i_minor * 1000 + i_subminor;
p_stream->i_keyframe_offset = 0;
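Review bot: The comment `/* granule_shift = i_log( frequency_force -1 ) */` kept above the new assignment in Ogg_ReadTheoraHeader describes a computation this commit removes, and the same stale comment survives in the last Ogg_ReadDaalaHeader hunk. Since the field is now stored directly, it would read better as `/* granule shift: 5-bit header field (0..31), stored as read */`. A 5-bit read cannot exceed 31, so no range check is needed at this point. Whether the code that later shifts by i_granule_shift copes with the value 31 is not visible here and is worth confirming. The function body starts and ends outside the hunk.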
@@ -2711,8 +2702,7 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_buffer opb;
uint32_t i_timebase_numerator;
uint32_t i_timebase_denominator;
- int keyframe_granule_shift;
- unsigned int i_keyframe_frequency_force;
+ int i_keyframe_granule_shift;
uint8_t i_major;
uint8_t i_minor;
uint8_t i_subminor;
@@ -2746,18 +2736,12 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_adv( &opb, 32 ); /* frame duration */
- keyframe_granule_shift = oggpack_read( &opb, 8 );
- keyframe_granule_shift = __MIN(keyframe_granule_shift, 31);
- i_keyframe_frequency_force = 1u << keyframe_granule_shift;
-
/* granule_shift = i_log( frequency_force -1 ) */
- p_stream->i_granule_shift = 0;
- i_keyframe_frequency_force--;
- while( i_keyframe_frequency_force )
- {
- p_stream->i_granule_shift++;
- i_keyframe_frequency_force >>= 1;
- }
+ i_keyframe_granule_shift = oggpack_read( &opb, 8 );
+ if ( i_keyframe_granule_shift < 0 || i_keyframe_granule_shift > 31 )
+ return false;
+
+ p_stream->i_granule_shift = i_keyframe_granule_shift;
i_version = i_major * 1000000 + i_minor * 1000 + i_subminor;
VLC_UNUSED(i_version);
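Review bot: The new range check in Ogg_ReadDaalaHeader silently turns header values 32..255 into a hard failure, where the removed code clamped them to 31 with `__MIN`. That is a behaviour change for streams that previously loaded. If rejection is intended, a comment such as `/* out-of-range or truncated granule shift: treat the header as invalid */` and a debug log before `return false;` would make it explicit. The `< 0` branch presumably covers oggpack_read() reporting a read past the end of the packet, which is worth stating in the same comment. Whether earlier writes to p_stream need undoing on this early return cannot be judged from the hunk, because the function body starts and ends outside it.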
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/84125cb58eb716dd6c79cdb478051bde0cde6c46...b0cbff20e64ca25095442b1ceaa0af5abfffc178