[FFmpeg-cvslog] Fix input buffer size check in adpcm_ea decoder.
Reimar Döffinger
git at videolan.org
Sun Apr 10 11:40:56 CEST 2011
ffmpeg | branch: master | Reimar Döffinger <Reimar.Doeffinger at gmx.de> | Fri Apr 8 01:19:21 2011 +0200| [701d0eb185192542c4a17f296e39e37cedf7abc6] | committer: Reimar Döffinger
Fix input buffer size check in adpcm_ea decoder.
Unfortunately the output buffer size check assumes that the
input buffer is never over-consumed, thus this actually
also allowed to write outside the output buffer if "lucky".
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=701d0eb185192542c4a17f296e39e37cedf7abc6
---
libavcodec/adpcm.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/libavcodec/adpcm.c b/libavcodec/adpcm.c
index 826c588..6252dbc 100644
--- a/libavcodec/adpcm.c
+++ b/libavcodec/adpcm.c
@@ -1291,7 +1291,7 @@ static int adpcm_decode_frame(AVCodecContext *avctx,
}
break;
case CODEC_ID_ADPCM_EA:
- if (buf_size < 4 || AV_RL32(src) >= ((buf_size - 12) * 2)) {
+ if (buf_size < 12 || AV_RL32(src) > (buf_size - 12)/30*28) {
src += buf_size;
break;
}
More information about the ffmpeg-cvslog
mailing list