[FFmpeg-devel] [PATCH 1/5] Check output buffer size in nellymoser decoder.
fenrir at elivagar.org
fenrir at elivagar.org
Wed Sep 21 20:46:29 CEST 2011
From: Laurent Aimar <fenrir at videolan.org>
---
libavcodec/nellymoserdec.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index a153dc0..23fecbf 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
NellyMoserDecodeContext *s = avctx->priv_data;
+ int data_max = *data_size;
int blocks, i;
int16_t* samples;
*data_size = 0;
@@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
*/
for (i=0 ; i<blocks ; i++) {
+ if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
+ return i > 0 ? i * NELLY_BLOCK_LEN : -1;
nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
*data_size += NELLY_SAMPLES*sizeof(int16_t);
--
1.7.2.5
More information about the ffmpeg-devel
mailing list