[FFmpeg-cvslog] imc: check output buffer size before decoding
Justin Ruggles
git at videolan.org
Thu Nov 3 02:23:12 CET 2011
ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Fri Oct 28 18:24:03 2011 -0400| [86962b13f6d26fee398e4f8264e676461da91dfe] | committer: Justin Ruggles
imc: check output buffer size before decoding
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86962b13f6d26fee398e4f8264e676461da91dfe
---
libavcodec/imc.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavcodec/imc.c b/libavcodec/imc.c
index 1a3eeaa..db388e3 100644
--- a/libavcodec/imc.c
+++ b/libavcodec/imc.c
@@ -651,7 +651,7 @@ static int imc_decode_frame(AVCodecContext * avctx,
IMCContext *q = avctx->priv_data;
int stream_format_code;
- int imc_hdr, i, j;
+ int imc_hdr, i, j, out_size;
int flag;
int bits, summer;
int counter, bitscount;
@@ -662,6 +662,12 @@ static int imc_decode_frame(AVCodecContext * avctx,
return -1;
}
+ out_size = COEFFS * av_get_bytes_per_sample(avctx->sample_fmt);
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
q->dsp.bswap16_buf(buf16, (const uint16_t*)buf, IMC_BLOCK_SIZE / 2);
q->out_samples = data;
@@ -808,7 +814,7 @@ static int imc_decode_frame(AVCodecContext * avctx,
imc_imdct256(q);
- *data_size = COEFFS * sizeof(float);
+ *data_size = out_size;
return IMC_BLOCK_SIZE;
}
More information about the ffmpeg-cvslog
mailing list