[FFmpeg-cvslog] mpc8: check output buffer size before decoding

Justin Ruggles git at videolan.org
Mon Mar 19 05:30:24 CET 2012


ffmpeg | branch: release/0.8 | Justin Ruggles <justin.ruggles at gmail.com> | Wed Sep 14 11:39:21 2011 -0400| [fc0e151cdc03420af92bc21b5399eefcde5efd7c] | committer: Reinhard Tartler

mpc8: check output buffer size before decoding

(cherry picked from commit 5674d4b0a35a34b75e3533a8580e0b5a0a8895a7)

Signed-off-by: Anton Khirnov <anton at khirnov.net>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=fc0e151cdc03420af92bc21b5399eefcde5efd7c
---

 libavcodec/mpc8.c |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/mpc8.c b/libavcodec/mpc8.c
index 3177faf..85c6621 100644
--- a/libavcodec/mpc8.c
+++ b/libavcodec/mpc8.c
@@ -241,10 +241,16 @@ static int mpc8_decode_frame(AVCodecContext * avctx,
     GetBitContext gb2, *gb = &gb2;
     int i, j, k, ch, cnt, res, t;
     Band *bands = c->bands;
-    int off;
+    int off, out_size;
     int maxband, keyframe;
     int last[2];
 
+    out_size = MPC_FRAME_SIZE * 2 * avctx->channels;
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     keyframe = c->cur_frame == 0;
 
     if(keyframe){
@@ -400,7 +406,7 @@ static int mpc8_decode_frame(AVCodecContext * avctx,
     c->last_bits_used = get_bits_count(gb);
     if(c->cur_frame >= c->frames)
         c->cur_frame = 0;
-    *data_size =  MPC_FRAME_SIZE * 2 * avctx->channels;
+    *data_size =  out_size;
 
     return c->cur_frame ? c->last_bits_used >> 3 : buf_size;
 }



More information about the ffmpeg-cvslog mailing list