[FFmpeg-cvslog] r13051 - trunk/libavcodec/alac.c
michael
subversion
Sat May 3 23:01:47 CEST 2008
Author: michael
Date: Sat May 3 23:01:47 2008
New Revision: 13051
Log:
Heap buffer overflow.
Modified:
trunk/libavcodec/alac.c
Modified: trunk/libavcodec/alac.c
==============================================================================
--- trunk/libavcodec/alac.c (original)
+++ trunk/libavcodec/alac.c Sat May 3 23:01:47 2008
@@ -405,7 +405,7 @@ static int alac_decode_frame(AVCodecCont
ALACContext *alac = avctx->priv_data;
int channels;
- int32_t outputsamples;
+ unsigned int outputsamples;
int hassize;
int readsamplesize;
int wasted_bytes;
@@ -458,6 +458,10 @@ static int alac_decode_frame(AVCodecCont
if (hassize) {
/* now read the number of samples as a 32bit integer */
outputsamples = get_bits(&alac->gb, 32);
+ if(outputsamples > alac->setinfo_max_samples_per_frame){
+ av_log(avctx, AV_LOG_ERROR, "outputsamples %d > %d\n", outputsamples, alac->setinfo_max_samples_per_frame);
+ return -1;
+ }
} else
outputsamples = alac->setinfo_max_samples_per_frame;
More information about the ffmpeg-cvslog
mailing list