diff options
| author | Justin Ruggles <justin.ruggles@gmail.com> | 2011-10-28 18:24:03 -0400 |
|---|---|---|
| committer | Justin Ruggles <justin.ruggles@gmail.com> | 2011-11-02 17:02:22 -0400 |
| commit | 86962b13f6d26fee398e4f8264e676461da91dfe (patch) | |
| tree | f5c284a6caeba80776cb50e6b109914c85062ec6 | |
| parent | e9362aaedf81c723bd9167d3ec1e7eb457d1fbfb (diff) | |
| download | ffmpeg-86962b13f6d26fee398e4f8264e676461da91dfe.tar.gz | |
imc: check output buffer size before decoding
| -rw-r--r-- | libavcodec/imc.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/libavcodec/imc.c b/libavcodec/imc.c index 1a3eeaa1ee..db388e383b 100644 --- a/libavcodec/imc.c +++ b/libavcodec/imc.c @@ -651,7 +651,7 @@ static int imc_decode_frame(AVCodecContext * avctx, IMCContext *q = avctx->priv_data; int stream_format_code; - int imc_hdr, i, j; + int imc_hdr, i, j, out_size; int flag; int bits, summer; int counter, bitscount; @@ -662,6 +662,12 @@ static int imc_decode_frame(AVCodecContext * avctx, return -1; } + out_size = COEFFS * av_get_bytes_per_sample(avctx->sample_fmt); + if (*data_size < out_size) { + av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n"); + return AVERROR(EINVAL); + } + q->dsp.bswap16_buf(buf16, (const uint16_t*)buf, IMC_BLOCK_SIZE / 2); q->out_samples = data; @@ -808,7 +814,7 @@ static int imc_decode_frame(AVCodecContext * avctx, imc_imdct256(q); - *data_size = COEFFS * sizeof(float); + *data_size = out_size; return IMC_BLOCK_SIZE; } |