authorJustin Ruggles <justin.ruggles@gmail.com>2011-10-14 17:09:58 -0400
committerJustin Ruggles <justin.ruggles@gmail.com>2011-10-29 15:06:31 -0400
commit7e4881a2d074a7dfba7ee1990b3e17c9276f985d (patch)
tree064d04aaefd144adc0aadc1999408a9514f1e63a
parent6ba7f78bbb6cd10ecd3bf5db51295ff288e352ce (diff)
atrac3: check output buffer size before decoding
-rw-r--r--libavcodec/atrac3.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c
index 8bd6adffd1..6828ff054e 100644
--- a/libavcodec/atrac3.c
+++ b/libavcodec/atrac3.c
@@ -827,7 +827,7 @@ static int atrac3_decode_frame(AVCodecContext *avctx,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
ATRAC3Context *q = avctx->priv_data;
- int result = 0;
+ int result = 0, out_size;
const uint8_t* databuf;
float *samples = data;
@@ -838,6 +838,12 @@ static int atrac3_decode_frame(AVCodecContext *avctx,
return buf_size;
}
+ out_size = 1024 * q->channels * av_get_bytes_per_sample(avctx->sample_fmt);
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
/* Check if we need to descramble and what buffer to pass on. */
if (q->scrambled_stream) {
decode_bytes(buf, q->decoded_bytes_buffer, avctx->block_align);
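Review bot: The bound in `out_size = 1024 * q->channels * av_get_bytes_per_sample(avctx->sample_fmt);` only protects the output buffer if it matches what the decoder actually writes, and the write side spells the same quantities separately: the `float_interleave(samples, ..., 1024, 2)` call in the last hunk hard-codes both the frame length and a channel count of 2. A named constant used in both places, e.g. `#define SAMPLES_PER_FRAME 1024`, would keep the check and the write from drifting apart. A short comment above the check, such as `/* one frame is 1024 samples per channel; refuse to decode into a smaller caller buffer */`, would record why EINVAL is returned here. The condition guarding the interleave call and any validation of `q->channels` lie outside the visible hunks, so this assumes the channel count is already limited at init; if it is not, the multiplication and the check deserve a second look.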
@@ -858,7 +864,7 @@ static int atrac3_decode_frame(AVCodecContext *avctx,
q->fmt_conv.float_interleave(samples, (const float **)q->outSamples,
1024, 2);
}
- *data_size = 1024 * q->channels * av_get_bytes_per_sample(avctx->sample_fmt);
+ *data_size = out_size;
return avctx->block_align;
}