mp3dec: Fix possibly exploitable crash

I was sadly unable to find a non fuzzed mp3 that uses the feature that contained the bug (and i searched hard ...), thus while this fixes the security issue. It may or may not fix mixed blocks in 8khz mp3s, i cant say due to lack of samples to test. Security issue exists since: b37d945dd4213cb8e92146571b0374cd45d52286 Reported-by: Dale Curtis <dalecurtis@google.com> (Probably) Found-by: inferno@chromium.org Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
author: Michael Niedermayer 2012-09-28 01:38:44 +0200
committer: Michael Niedermayer 2012-09-28 01:45:53 +0200
commit: 94041febc53a6da10e34c2bfff9ff1d580fdce60 (patch)
tree: aca6b22afda401e3833def3d01be9ffe545988be
parent: 13f0cd681e9308efe68802ab03e7443863b4c54f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/libavcodec/mpegaudiodec.c b/libavcodec/mpegaudiodec.c
index 2393da7c04..d6de1f7b53 100644
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -213,7 +213,7 @@ static void ff_compute_band_indexes(MPADecodeContext *s, GranuleDef *g)
             else
                 g->long_end = 6;
 
-            g->short_start = 2 + (s->sample_rate_index != 8);
+            g->short_start = 3;
         } else {
             g->long_end    = 0;
             g->short_start = 0;
author	Michael Niedermayer	2012-09-28 01:38:44 +0200
committer	Michael Niedermayer	2012-09-28 01:45:53 +0200
commit	94041febc53a6da10e34c2bfff9ff1d580fdce60 (patch)
tree	aca6b22afda401e3833def3d01be9ffe545988be
parent	13f0cd681e9308efe68802ab03e7443863b4c54f (diff)