[FFmpeg-cvslog] qcelp: check output buffer size before decoding
Justin Ruggles
git at videolan.org
Fri Nov 4 20:49:18 CET 2011
ffmpeg | branch: release/0.7 | Justin Ruggles <justin.ruggles at gmail.com> | Wed Sep 14 13:38:07 2011 -0400| [2809f4ab934ca94b32e64f3a70e6008cd3876420] | committer: Michael Niedermayer
qcelp: check output buffer size before decoding
(cherry picked from commit e43dd3d2a8e106169e707484090a2d973ece2184)
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=2809f4ab934ca94b32e64f3a70e6008cd3876420
---
libavcodec/qcelpdec.c | 10 ++++++++--
1 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/libavcodec/qcelpdec.c b/libavcodec/qcelpdec.c
index e83704d..61c812c 100644
--- a/libavcodec/qcelpdec.c
+++ b/libavcodec/qcelpdec.c
@@ -738,11 +738,17 @@ static int qcelp_decode_frame(AVCodecContext *avctx, void *data, int *data_size,
int buf_size = avpkt->size;
QCELPContext *q = avctx->priv_data;
float *outbuffer = data;
- int i;
+ int i, out_size;
float quantized_lspf[10], lpc[10];
float gain[16];
float *formant_mem;
+ out_size = 160 * av_get_bytes_per_sample(avctx->sample_fmt);
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
if((q->bitrate = determine_bitrate(avctx, buf_size, &buf)) == I_F_Q)
{
warn_insufficient_frame_quality(avctx, "bitrate cannot be determined.");
@@ -837,7 +843,7 @@ erasure:
memcpy(q->prev_lspf, quantized_lspf, sizeof(q->prev_lspf));
q->prev_bitrate = q->bitrate;
- *data_size = 160 * sizeof(*outbuffer);
+ *data_size = out_size;
return buf_size;
}
More information about the ffmpeg-cvslog
mailing list