[FFmpeg-cvslog] libopencore-amr: check output buffer size before decoding
Justin Ruggles
git at videolan.org
Thu Oct 27 01:46:46 CEST 2011
ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Tue Sep 27 17:24:27 2011 -0400| [4a6a29a7fbf023b19797c38a86099d9f81d25524] | committer: Justin Ruggles
libopencore-amr: check output buffer size before decoding
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=4a6a29a7fbf023b19797c38a86099d9f81d25524
---
libavcodec/libopencore-amr.c | 20 ++++++++++++++++----
1 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/libavcodec/libopencore-amr.c b/libavcodec/libopencore-amr.c
index 6c54a1d..a705975 100644
--- a/libavcodec/libopencore-amr.c
+++ b/libavcodec/libopencore-amr.c
@@ -131,11 +131,17 @@ static int amr_nb_decode_frame(AVCodecContext *avctx, void *data,
AMRContext *s = avctx->priv_data;
static const uint8_t block_size[16] = { 12, 13, 15, 17, 19, 20, 26, 31, 5, 0, 0, 0, 0, 0, 0, 0 };
enum Mode dec_mode;
- int packet_size;
+ int packet_size, out_size;
av_dlog(avctx, "amr_decode_frame buf=%p buf_size=%d frame_count=%d!!\n",
buf, buf_size, avctx->frame_number);
+ out_size = 160 * av_get_bytes_per_sample(avctx->sample_fmt);
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
dec_mode = (buf[0] >> 3) & 0x000F;
packet_size = block_size[dec_mode] + 1;
@@ -149,7 +155,7 @@ static int amr_nb_decode_frame(AVCodecContext *avctx, void *data,
packet_size, buf[0], buf[1], buf[2], buf[3]);
/* call decoder */
Decoder_Interface_Decode(s->dec_state, buf, data, 0);
- *data_size = 160 * 2;
+ *data_size = out_size;
return packet_size;
}
@@ -271,9 +277,15 @@ static int amr_wb_decode_frame(AVCodecContext *avctx, void *data,
int buf_size = avpkt->size;
AMRWBContext *s = avctx->priv_data;
int mode;
- int packet_size;
+ int packet_size, out_size;
static const uint8_t block_size[16] = {18, 24, 33, 37, 41, 47, 51, 59, 61, 6, 6, 0, 0, 0, 1, 1};
+ out_size = 320 * av_get_bytes_per_sample(avctx->sample_fmt);
+ if (*data_size < out_size) {
+ av_log(avctx, AV_LOG_ERROR, "output buffer is too small\n");
+ return AVERROR(EINVAL);
+ }
+
mode = (buf[0] >> 3) & 0x000F;
packet_size = block_size[mode];
@@ -284,7 +296,7 @@ static int amr_wb_decode_frame(AVCodecContext *avctx, void *data,
}
D_IF_decode(s->state, buf, data, _good_frame);
- *data_size = 320 * 2;
+ *data_size = out_size;
return packet_size;
}
More information about the ffmpeg-cvslog
mailing list