aboutsummaryrefslogtreecommitdiffstats
path: root/libavcodec/alac.c
diff options
context:
space:
mode:
authorMichael Niedermayer <michaelni@gmx.at>2008-05-03 21:01:47 +0000
committerMichael Niedermayer <michaelni@gmx.at>2008-05-03 21:01:47 +0000
commit494e353179a138b254630f3a208df3aa639d258f (patch)
tree7864dd60c66adc48e1172329d93b926620d38605 /libavcodec/alac.c
parent83e9a67d7c76b12ca614709f451a2a175cd48721 (diff)
downloadffmpeg-494e353179a138b254630f3a208df3aa639d258f.tar.gz
Heap buffer overflow.
Originally committed as revision 13051 to svn://svn.ffmpeg.org/ffmpeg/trunk
Diffstat (limited to 'libavcodec/alac.c')
-rw-r--r--libavcodec/alac.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/libavcodec/alac.c b/libavcodec/alac.c
index 9fbba9544a..c5a9b767c8 100644
--- a/libavcodec/alac.c
+++ b/libavcodec/alac.c
@@ -405,7 +405,7 @@ static int alac_decode_frame(AVCodecContext *avctx,
ALACContext *alac = avctx->priv_data;
int channels;
- int32_t outputsamples;
+ unsigned int outputsamples;
int hassize;
int readsamplesize;
int wasted_bytes;
@@ -458,6 +458,10 @@ static int alac_decode_frame(AVCodecContext *avctx,
if (hassize) {
/* now read the number of samples as a 32bit integer */
outputsamples = get_bits(&alac->gb, 32);
+ if(outputsamples > alac->setinfo_max_samples_per_frame){
+ av_log(avctx, AV_LOG_ERROR, "outputsamples %d > %d\n", outputsamples, alac->setinfo_max_samples_per_frame);
+ return -1;
+ }
} else
outputsamples = alac->setinfo_max_samples_per_frame;