[FFmpeg-cvslog] Check output buffer size in nellymoser decoder.

Laurent Aimar git at videolan.org
Sun Nov 6 20:18:52 CET 2011


ffmpeg | branch: release/0.5 | Laurent Aimar <fenrir at videolan.org> | Wed Sep 21 20:46:29 2011 +0200| [25bc1108c2d3466358da8d3e27d08dbdb9840ea2] | committer: Michael Niedermayer

Check output buffer size in nellymoser decoder.

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 741ec30bd2385f794efa9fafa84d39a917f2574e)
(cherry picked from commit 533dbaa55b7d45d5ca76f9ed46f5690282f86ea9)

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=25bc1108c2d3466358da8d3e27d08dbdb9840ea2
---

 libavcodec/nellymoserdec.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index 94e6129..ec35369 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -154,6 +154,7 @@ static int decode_tag(AVCodecContext * avctx,
                       void *data, int *data_size,
                       const uint8_t * buf, int buf_size) {
     NellyMoserDecodeContext *s = avctx->priv_data;
+    int data_max = *data_size;
     int blocks, i;
     int16_t* samples;
     *data_size = 0;
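Review bot: `int data_max = *data_size;` keeps the caller-supplied capacity as a signed int, but the bound added in the loop compares it against an expression containing `sizeof(int16_t)`, which is a size_t, so data_max is converted to unsigned at that point. A negative `*data_size` on entry would turn into a very large limit and the new check would never fire. Reject `*data_size < 0` here before it is overwritten with 0, or validate it and store it in an unsigned variable, and add a one-line comment that data_max is the output capacity in bytes.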
@@ -177,6 +178,8 @@ static int decode_tag(AVCodecContext * avctx,
     }
 
     for (i=0 ; i<blocks ; i++) {
+        if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
+            return i > 0 ? i * NELLY_BLOCK_LEN : -1;
         nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
         s->dsp.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
         *data_size += NELLY_SAMPLES*sizeof(int16_t);
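Review bot: the bound check inside the `for` loop returns without any diagnostic, both in the `i > 0` case (partial decode, `i * NELLY_BLOCK_LEN` bytes reported as consumed) and in the `i == 0` case (`-1`), so a caller that passes too small an output buffer sees either silently truncated audio or an unexplained error. Since the limit does not change between iterations, it would be clearer to compute the number of blocks that fit in data_max once before the loop, clamp `blocks` to it, and log through av_log when clamping occurs or when not even one block fits. That also keeps the mixed signed/unsigned comparison in `(i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max` in a single place where it can be written with explicit types.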


