[vlc-commits] [Git][videolan/vlc][master] 2 commits: demux: ogg: fix undefined shift in theora parsing
Steve Lhomme (@robUx4)
gitlab at videolan.org
Fri Sep 19 06:03:28 UTC 2025
Steve Lhomme pushed to branch master at VideoLAN / VLC
Commits:
aa26d902 by Tristan Matthews at 2025-09-19T05:44:26+00:00
demux: ogg: fix undefined shift in theora parsing
We can skip the loop since i_granule_shift will always equal the 5-bit value read
from the header.
Fixes #29304
- - - - -
dda21a9c by Tristan Matthews at 2025-09-19T05:44:26+00:00
demux: ogg: fix int overflow when parsing daala header
- - - - -
1 changed file:
- modules/demux/ogg.c
Changes:
=====================================
modules/demux/ogg.c
=====================================
@@ -2709,7 +2709,6 @@ static bool Ogg_ReadTheoraHeader( logical_stream_t *p_stream,
bs_t bitstream;
unsigned int i_fps_numerator;
unsigned int i_fps_denominator;
- int i_keyframe_frequency_force;
int i_major;
int i_minor;
int i_subminor;
@@ -2748,16 +2747,8 @@ static bool Ogg_ReadTheoraHeader( logical_stream_t *p_stream,
p_stream->fmt.i_bitrate = bs_read( &bitstream, 24 );
bs_skip( &bitstream, 6 ); /* quality */
- i_keyframe_frequency_force = 1 << bs_read( &bitstream, 5 );
-
/* granule_shift = i_log( frequency_force -1 ) */
- p_stream->i_granule_shift = 0;
- i_keyframe_frequency_force--;
- while( i_keyframe_frequency_force )
- {
- p_stream->i_granule_shift++;
- i_keyframe_frequency_force >>= 1;
- }
+ p_stream->i_granule_shift = bs_read( &bitstream, 5 );
i_version = i_major * 1000000 + i_minor * 1000 + i_subminor;
p_stream->i_first_frame_index = (i_version >= 3002001) ? 1 : 0;
@@ -2774,8 +2765,7 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_buffer opb;
uint32_t i_timebase_numerator;
uint32_t i_timebase_denominator;
- int keyframe_granule_shift;
- unsigned int i_keyframe_frequency_force;
+ int i_keyframe_granule_shift;
uint8_t i_major;
uint8_t i_minor;
uint8_t i_subminor;
@@ -2809,18 +2799,12 @@ static bool Ogg_ReadDaalaHeader( logical_stream_t *p_stream,
oggpack_adv( &opb, 32 ); /* frame duration */
- keyframe_granule_shift = oggpack_read( &opb, 8 );
- keyframe_granule_shift = __MIN(keyframe_granule_shift, 31);
- i_keyframe_frequency_force = 1u << keyframe_granule_shift;
-
/* granule_shift = i_log( frequency_force -1 ) */
- p_stream->i_granule_shift = 0;
- i_keyframe_frequency_force--;
- while( i_keyframe_frequency_force )
- {
- p_stream->i_granule_shift++;
- i_keyframe_frequency_force >>= 1;
- }
+ i_keyframe_granule_shift = oggpack_read( &opb, 8 );
+ if ( i_keyframe_granule_shift < 0 || i_keyframe_granule_shift > 31 )
+ return false;
+
+ p_stream->i_granule_shift = i_keyframe_granule_shift;
i_version = i_major * 1000000 + i_minor * 1000 + i_subminor;
VLC_UNUSED(i_version);
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/777a8a09171d50706c391d0911a52a2a1f24fe54...dda21a9cd95c78f40d8444543a934e945a0ce348
--
View it on GitLab: https://code.videolan.org/videolan/vlc/-/compare/777a8a09171d50706c391d0911a52a2a1f24fe54...dda21a9cd95c78f40d8444543a934e945a0ce348
You're receiving this email because of your account on code.videolan.org.
VideoLAN code repository instance
More information about the vlc-commits
mailing list