beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 23:50:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

LibAudio: Don't overread MP3 granule samples if big_values is too large

Browse source 
There are at most 576 granule samples/frequency lines, but the side data
can specify that the big_values granule type take up to 1024 samples.
The spec says in 2.4.3.4.6 that we should always stop reading Huffman
data once we have 576 samples, so that is what this change does. I also
add some useful spec comments while I'm here.
This commit is contained in:
kleines Filmröllchen 2023-06-28 16:41:29 +02:00 committed by Jelle Raaijmakers
parent 53785a9206
commit 6cddee98a9
Notes: sideshowbarker 2024-07-16 22:34:39 +09:00 
Author: https://github.com/kleinesfilmroellchen
Commit: https://github.com/SerenityOS/serenity/commit/6cddee98a9
Pull-request: https://github.com/SerenityOS/serenity/pull/19688
Reviewed-by: https://github.com/gmta
1 changed files with 9 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
Userland/Libraries/LibAudio/MP3Loader.cpp
View file

@ -521,7 +521,12 @@ MaybeLoaderError MP3LoaderPlugin::read_huffman_data(MP3::MP3Frame& frame, BigEnd
size_t count = 0;
for (; count < granule.big_values * 2; count += 2) {
// 2.4.3.4.6: "Decoding is done until all Huffman code bits have been decoded
// or until quantized values representing 576 frequency lines have been decoded,
// whichever comes first."
auto max_count = min(granule.big_values * 2, MP3::granule_size);
for (; count < max_count; count += 2) {
MP3::Tables::Huffman::HuffmanTreeXY const* tree = nullptr;
if (count < region1_start) {
@ -574,7 +579,7 @@ MaybeLoaderError MP3LoaderPlugin::read_huffman_data(MP3::MP3Frame& frame, BigEnd
// count1 is not known. We have to read huffman encoded values
// until we've exhausted the granule's bits. We know the size of
// the granule from part2_3_length, which is the number of bits
// used for scaleactors and huffman data (in the granule).
// used for scalefactors and huffman data (in the granule).
while (granule_bits_read < granule.part_2_3_length && count <= MP3::granule_size - 4) {
auto const entry = MP3::Tables::Huffman::huffman_decode(reservoir, count1table, granule.part_2_3_length - granule_bits_read);
granule_bits_read += entry.bits_read;
@ -625,6 +630,8 @@ MaybeLoaderError MP3LoaderPlugin::read_huffman_data(MP3::MP3Frame& frame, BigEnd
return LoaderError { LoaderError::Category::Format, m_loaded_samples, "Read too many bits from bit reservoir." };
}
// 2.4.3.4.6: "If there are more Huffman code bits than necessary to decode 576 values
// they are regarded as stuffing bits and discarded."
for (size_t i = granule_bits_read; i < granule.part_2_3_length; i++) {
LOADER_TRY(reservoir.read_bit());
}