diff options
| author | Kostya Shishkov <kostya.shishkov@gmail.com> | 2007-09-24 03:32:24 +0000 |
|---|---|---|
| committer | Kostya Shishkov <kostya.shishkov@gmail.com> | 2007-09-24 03:32:24 +0000 |
| commit | 4783cf0d09ce472a4724d9cd509565e9c283418f (patch) | |
| tree | 15ad90fa87ea4046b2bcb4a8c12af9017d02cbc8 | |
| parent | 8b505fc6894b99afc217f57f404a0705f75a464c (diff) | |
| download | ffmpeg-4783cf0d09ce472a4724d9cd509565e9c283418f.tar.gz | |
Do not try to decode more data than output buffer may hold
Originally committed as revision 10560 to svn://svn.ffmpeg.org/ffmpeg/trunk
| -rw-r--r-- | libavcodec/adx.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/libavcodec/adx.c b/libavcodec/adx.c index 593c19de65..2b44b89f98 100644 --- a/libavcodec/adx.c +++ b/libavcodec/adx.c @@ -328,6 +328,11 @@ static int adx_decode_frame(AVCodecContext *avctx, rest -= hdrsize; } + /* 18 bytes of data are expanded into 32*2 bytes of audio, + so guard against buffer overflows */ + if(rest/18 > *data_size/64) + rest = (*data_size/64) * 18; + if (c->in_temp) { int copysize = 18*avctx->channels - c->in_temp; memcpy(c->dec_temp+c->in_temp,buf,copysize); |