[FFmpeg-cvslog] qdm2: check output buffer size before decoding
Justin Ruggles
git at videolan.org
Wed Oct 5 04:14:08 CEST 2011
ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Wed Sep 14 13:57:04 2011 -0400| [7d49f79f1cd47783a963a757a6563b9cac29db62] | committer: Justin Ruggles
qdm2: check output buffer size before decoding
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7d49f79f1cd47783a963a757a6563b9cac29db62
---
libavcodec/qdm2.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/libavcodec/qdm2.c b/libavcodec/qdm2.c
index b68197d..5068e67 100644
--- a/libavcodec/qdm2.c
+++ b/libavcodec/qdm2.c
@@ -1960,13 +1960,20 @@ static int qdm2_decode_frame(AVCodecContext *avctx,
int buf_size = avpkt->size;
QDM2Context *s = avctx->priv_data;
int16_t *out = data;
- int i;
+ int i, out_size;
if(!buf)
return 0;
if(buf_size < s->checksum_size)
return -1;
+ out_size = 16 * s->channels * s->frame_size *
+ av_get_bytes_per_sample(avctx->sample_fmt);
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
av_log(avctx, AV_LOG_DEBUG, "decode(%d): %p[%d] -> %p[%d]\n",
buf_size, buf, s->checksum_size, data, *data_size);
@@ -1976,7 +1983,7 @@ static int qdm2_decode_frame(AVCodecContext *avctx,
out += s->channels * s->frame_size;
}
- *data_size = (uint8_t*)out - (uint8_t*)data;
+ *data_size = out_size;
return s->checksum_size;
}
More information about the ffmpeg-cvslog
mailing list