[MPlayer-dev-eng] [PATCH 6/6] ad_hwmpa.c: avoid potential out of bounds.
Reimar Döffinger
Reimar.Doeffinger at gmx.de
Mon Jan 18 00:00:40 EET 2021
This happens when the frame size is larger than the
size of the decoded audio - obviously this should not
happen in real audio files as it doesn't make sense
to select a compression mode that increases size.
Note that unless all other MPEG audio codecs are disabled
this codec will never be auto-selected.
Fixes trac issue #2357.
---
libmpcodecs/ad_hwmpa.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/libmpcodecs/ad_hwmpa.c b/libmpcodecs/ad_hwmpa.c
index 30caa9b0f..9c5bd28ed 100644
--- a/libmpcodecs/ad_hwmpa.c
+++ b/libmpcodecs/ad_hwmpa.c
@@ -133,7 +133,8 @@ static int decode_audio(sh_audio_t *sh,unsigned char *buf,int minlen,int maxlen)
break;
}
- memset(&buf[tot], 0, tot2-tot);
+ if (tot > tot2) mp_msg(MSGT_DECAUDIO,MSGL_ERR,"MPEG audio frame is larger than decoded data (%i > %i)!\n", tot, tot2);
+ else memset(&buf[tot], 0, tot2-tot);
return tot2;
}
--
2.30.0
More information about the MPlayer-dev-eng
mailing list