[FFmpeg-cvslog] Check output buffer size in nellymoser decoder.
Laurent Aimar
git at videolan.org
Thu Sep 22 01:37:13 CEST 2011
ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Wed Sep 21 20:46:29 2011 +0200| [533dbaa55b7d45d5ca76f9ed46f5690282f86ea9] | committer: Michael Niedermayer
Check output buffer size in nellymoser decoder.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 741ec30bd2385f794efa9fafa84d39a917f2574e)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=533dbaa55b7d45d5ca76f9ed46f5690282f86ea9
---
libavcodec/nellymoserdec.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index 59c1b3b..d85483d 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
NellyMoserDecodeContext *s = avctx->priv_data;
+ int data_max = *data_size;
int blocks, i;
int16_t* samples;
*data_size = 0;
@@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
*/
for (i=0 ; i<blocks ; i++) {
+ if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
+ return i > 0 ? i * NELLY_BLOCK_LEN : -1;
nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
*data_size += NELLY_SAMPLES*sizeof(int16_t);
More information about the ffmpeg-cvslog
mailing list