fix exploitable buffer overflow

Originally committed as revision 8850 to svn://svn.ffmpeg.org/ffmpeg/trunk
author: Michael Niedermayer <michaelni@gmx.at> 2007-04-27 12:41:55 +0000
committer: Michael Niedermayer <michaelni@gmx.at> 2007-04-27 12:41:55 +0000
commit: 9f1473b304ae11ee09b7ae22016c951fdce31dd2 (patch)
tree: 24fe400394ede4fdb693a7fadeb839fb1b4869f8
parent: e69364b700a6c0cb411ddc7737bc8e9e701d0cb8 (diff)
download: ffmpeg-9f1473b304ae11ee09b7ae22016c951fdce31dd2.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/libavcodec/dca.c b/libavcodec/dca.c
index a5470073f0..1c040e21ee 100644
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -1089,6 +1089,9 @@ static int dca_convert_bitstream(uint8_t * src, int src_size, uint8_t * dst,
     uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst;
     PutBitContext pb;
 
+    if((unsigned)src_size > (unsigned)max_size)
+        return -1;
+
     mrk = AV_RB32(src);
     switch (mrk) {
     case DCA_MARKER_RAW_BE:
author	Michael Niedermayer <michaelni@gmx.at>	2007-04-27 12:41:55 +0000
committer	Michael Niedermayer <michaelni@gmx.at>	2007-04-27 12:41:55 +0000
commit	9f1473b304ae11ee09b7ae22016c951fdce31dd2 (patch)
tree	24fe400394ede4fdb693a7fadeb839fb1b4869f8
parent	e69364b700a6c0cb411ddc7737bc8e9e701d0cb8 (diff)
download	ffmpeg-9f1473b304ae11ee09b7ae22016c951fdce31dd2.tar.gz