[FFmpeg-cvslog] atrac1: check output buffer size before decoding

[Justin Ruggles]

ffmpeg | branch: release/0.8 | Justin Ruggles <justin.ruggles at gmail.com> | Fri Oct 14 00:16:31 2011 -0400| [346e089d25ba5f1f7509a7fbff6843471b7ccf6b] | committer: Michael Niedermayer

atrac1: check output buffer size before decoding
(cherry picked from commit 33684b9c12b74c0140fb91e8150263db4a48d55e)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=346e089d25ba5f1f7509a7fbff6843471b7ccf6b
---

 libavcodec/atrac1.c |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/libavcodec/atrac1.c b/libavcodec/atrac1.c
index 1f4c36c..9d37e4c 100644
--- a/libavcodec/atrac1.c
+++ b/libavcodec/atrac1.c
@@ -276,7 +276,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
     const uint8_t *buf = avpkt->data;
     int buf_size       = avpkt->size;
     AT1Ctx *q          = avctx->priv_data;
-    int ch, ret, i;
+    int ch, ret, i, out_size;
     GetBitContext gb;
     float* samples = data;
 
@@ -286,6 +286,13 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
         return -1;
     }
 
+    out_size = q->channels * AT1_SU_SAMPLES *
+               av_get_bytes_per_sample(avctx->sample_fmt);
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     for (ch = 0; ch < q->channels; ch++) {
         AT1SUCtx* su = &q->SUs[ch];
 
@@ -318,7 +325,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
         }
     }
 
-    *data_size = q->channels * AT1_SU_SAMPLES * sizeof(*samples);
+    *data_size = out_size;
     return avctx->block_align;
 }