[FFmpeg-cvslog] nellymoser: check output buffer size before decoding
Justin Ruggles
git at videolan.org
Mon Mar 19 05:30:24 CET 2012
ffmpeg | branch: release/0.8 | Justin Ruggles <justin.ruggles at gmail.com> | Wed Sep 14 12:16:05 2011 -0400| [d46efbebe7c54932d5a4a1e807607424c2986481] | committer: Reinhard Tartler
nellymoser: check output buffer size before decoding
(cherry picked from commit 8b31c086b6065084644b86a63c9171f3094cf6ad)
Signed-off-by: Anton Khirnov <anton at khirnov.net>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=d46efbebe7c54932d5a4a1e807607424c2986481
---
libavcodec/nellymoserdec.c | 17 ++++++++++++-----
1 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index 59c1b3b..2e4c5b0 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,19 +156,26 @@ static int decode_tag(AVCodecContext * avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
NellyMoserDecodeContext *s = avctx->priv_data;
- int blocks, i;
+ int blocks, i, block_size;
int16_t* samples;
- *data_size = 0;
samples = (int16_t*)data;
- if (buf_size < avctx->block_align)
+ if (buf_size < avctx->block_align) {
+ *data_size = 0;
return buf_size;
+ }
if (buf_size % 64) {
av_log(avctx, AV_LOG_ERROR, "Tag size %d.\n", buf_size);
+ *data_size = 0;
return buf_size;
}
- blocks = buf_size / 64;
+ block_size = NELLY_SAMPLES * av_get_bytes_per_sample(avctx->sample_fmt);
+ blocks = FFMIN(buf_size / 64, *data_size / block_size);
+ if (blocks <= 0) {
+ av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
/* Normal numbers of blocks for sample rates:
* 8000 Hz - 1
* 11025 Hz - 2
@@ -180,8 +187,8 @@ static int decode_tag(AVCodecContext * avctx,
for (i=0 ; i<blocks ; i++) {
nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
- *data_size += NELLY_SAMPLES*sizeof(int16_t);
}
+ *data_size = blocks * block_size;
return buf_size;
}
More information about the ffmpeg-cvslog
mailing list