aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJustin Ruggles <justin.ruggles@gmail.com>2011-10-14 00:16:31 -0400
committerJustin Ruggles <justin.ruggles@gmail.com>2011-10-29 15:06:30 -0400
commit33684b9c12b74c0140fb91e8150263db4a48d55e (patch)
tree8be51fdc6fc217139757d9775473fb4542ff3661
parent5c353eb8e38d4861e325a767fb18d24b316e9799 (diff)
downloadffmpeg-33684b9c12b74c0140fb91e8150263db4a48d55e.tar.gz
atrac1: check output buffer size before decoding
-rw-r--r--libavcodec/atrac1.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/libavcodec/atrac1.c b/libavcodec/atrac1.c
index 0ba2cf6bdd..371f21ae3d 100644
--- a/libavcodec/atrac1.c
+++ b/libavcodec/atrac1.c
@@ -276,7 +276,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size;
AT1Ctx *q = avctx->priv_data;
- int ch, ret, i;
+ int ch, ret, i, out_size;
GetBitContext gb;
float* samples = data;
@@ -286,6 +286,13 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
return -1;
}
+ out_size = q->channels * AT1_SU_SAMPLES *
+ av_get_bytes_per_sample(avctx->sample_fmt);
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
for (ch = 0; ch < q->channels; ch++) {
AT1SUCtx* su = &q->SUs[ch];
@@ -318,7 +325,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
}
}
- *data_size = q->channels * AT1_SU_SAMPLES * sizeof(*samples);
+ *data_size = out_size;
return avctx->block_align;
}