[FFmpeg-cvslog] r10485 - in trunk/libavcodec: smacker.c truespeech.c ws-snd1.c
Michael Niedermayer
michaelni
Thu Sep 13 13:25:37 CEST 2007
Hi
On Thu, Sep 13, 2007 at 07:59:59AM +0200, kostya wrote:
> Author: kostya
> Date: Thu Sep 13 07:59:58 2007
> New Revision: 10485
>
> Log:
> Add checks on input/output buffers size for some audio decoders
>
> Modified:
> trunk/libavcodec/smacker.c
> trunk/libavcodec/truespeech.c
> trunk/libavcodec/ws-snd1.c
>
> Modified: trunk/libavcodec/smacker.c
> ==============================================================================
> --- trunk/libavcodec/smacker.c (original)
> +++ trunk/libavcodec/smacker.c Thu Sep 13 07:59:58 2007
> @@ -590,6 +590,10 @@ static int smka_decode_frame(AVCodecCont
> }
> stereo = get_bits1(&gb);
> bits = get_bits1(&gb);
> + if ((unp_size << !bits) > *data_size) {
> + av_log(avctx, AV_LOG_ERROR, "Frame is too large to fit in buffer\n");
> + return -1;
> + }
>
> memset(vlc, 0, sizeof(VLC) * 4);
> memset(h, 0, sizeof(HuffContext) * 4);
not enough if unp_size is 1<<30 and bits is 0 -> (unp_size << !bits) < 0
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
If you really think that XML is the answer, then you definitly missunderstood
the question -- Attila Kinali
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/attachments/20070913/eaec462a/attachment.pgp>
More information about the ffmpeg-cvslog
mailing list