[FFmpeg-cvslog] Check output buffer size in nellymoser decoder.
    Laurent Aimar 
    git at videolan.org
       
    Thu Sep 22 01:37:13 CEST 2011
    
    
  
ffmpeg | branch: release/0.8 | Laurent Aimar <fenrir at videolan.org> | Wed Sep 21 20:46:29 2011 +0200| [533dbaa55b7d45d5ca76f9ed46f5690282f86ea9] | committer: Michael Niedermayer
Check output buffer size in nellymoser decoder.
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
(cherry picked from commit 741ec30bd2385f794efa9fafa84d39a917f2574e)
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=533dbaa55b7d45d5ca76f9ed46f5690282f86ea9
---
 libavcodec/nellymoserdec.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index 59c1b3b..d85483d 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
     const uint8_t *buf = avpkt->data;
     int buf_size = avpkt->size;
     NellyMoserDecodeContext *s = avctx->priv_data;
+    int data_max = *data_size;
     int blocks, i;
     int16_t* samples;
     *data_size = 0;
@@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
      */
 
     for (i=0 ; i<blocks ; i++) {
+        if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
+            return i > 0 ? i * NELLY_BLOCK_LEN : -1;
         nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
         s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, NELLY_SAMPLES);
         *data_size += NELLY_SAMPLES*sizeof(int16_t);
    
    
More information about the ffmpeg-cvslog
mailing list