On 09/21/2011 02:46 PM, [email protected] wrote:

> From: Laurent Aimar <[email protected]>
> 
> ---
>  libavcodec/nellymoserdec.c |    3 +++
>  1 files changed, 3 insertions(+), 0 deletions(-)
> 
> diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
> index a153dc0..23fecbf 100644
> --- a/libavcodec/nellymoserdec.c
> +++ b/libavcodec/nellymoserdec.c
> @@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
>      const uint8_t *buf = avpkt->data;
>      int buf_size = avpkt->size;
>      NellyMoserDecodeContext *s = avctx->priv_data;
> +    int data_max = *data_size;
>      int blocks, i;
>      int16_t* samples;
>      *data_size = 0;
> @@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
>       */
>  
>      for (i=0 ; i<blocks ; i++) {
> +        if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
> +            return i > 0 ? i * NELLY_BLOCK_LEN : -1;
>          nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
>          s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES], s->float_buf, 
> NELLY_SAMPLES);
>          *data_size += NELLY_SAMPLES*sizeof(int16_t);
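Review bot: The bound check added at the top of the loop compares a `size_t` expression (because of `sizeof(int16_t)`) against the signed `int data_max`, so a negative `*data_size` would be converted to a very large unsigned value and the check would never fire, leaving the writes through `samples` unbounded. Whether a caller can pass a negative size is not visible here, but a guard before the loop, such as `if (data_max < 0) return AVERROR(EINVAL);`, removes the dependency on that assumption. The partial-decode return of `i * NELLY_BLOCK_LEN` also deserves a short comment, for example `/* output buffer full: report only the input bytes actually decoded */`, since the rest of the packet is silently left unconsumed. decode_tag's body starts and ends outside the hunk.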


I think it would be simpler to just check before the loop and limit
'blocks' based on the output buffer size.

blocks = FFMIN(buf_size / 64, *data_size / NELLY_BLOCK_LEN);
if (!blocks) {
    av_log(avctx, AV_LOG_ERROR, "output buffer is too small\n");
    return AVERROR(EINVAL)
}

-Justin
