On Thu, Sep 22, 2011 at 10:32:07AM -0400, Justin Ruggles wrote:
> > diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
> > index a153dc0..23fecbf 100644
> > --- a/libavcodec/nellymoserdec.c
> > +++ b/libavcodec/nellymoserdec.c
> > @@ -156,6 +156,7 @@ static int decode_tag(AVCodecContext * avctx,
> > const uint8_t *buf = avpkt->data;
> > int buf_size = avpkt->size;
> > NellyMoserDecodeContext *s = avctx->priv_data;
> > + int data_max = *data_size;
> > int blocks, i;
> > int16_t* samples;
> > *data_size = 0;
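
Review bot: data_max is declared int and takes *data_size without validation, while the bounds test added inside the loop compares it against an expression containing sizeof, which has type size_t. If a caller passes a negative *data_size, the usual arithmetic conversions turn data_max into a very large unsigned value and the check never fires. Suggest rejecting *data_size <= 0 at this point, before it is cleared to 0, or making the later comparison explicitly signed.
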
> > @@ -178,6 +179,8 @@ static int decode_tag(AVCodecContext * avctx,
> > */
> >
> > for (i=0 ; i<blocks ; i++) {
> > + if ((i + 1) * NELLY_SAMPLES * sizeof(int16_t) > data_max)
> > + return i > 0 ? i * NELLY_BLOCK_LEN : -1;
> > nelly_decode_block(s, &buf[i*NELLY_BLOCK_LEN], s->float_buf);
> > s->fmt_conv.float_to_int16(&samples[i*NELLY_SAMPLES],
> > s->float_buf, NELLY_SAMPLES);
> > *data_size += NELLY_SAMPLES*sizeof(int16_t);
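
Review bot: the early return in the loop, "return i > 0 ? i * NELLY_BLOCK_LEN : -1;", fails with a bare -1 and no av_log message, so a caller cannot tell an undersized output buffer from any other decode failure. The bound is also loop-invariant: the number of blocks that fit in data_max can be computed once before the loop and used to clamp blocks, which removes the per-iteration test and keeps the partial-decode return value in one place. An AVERROR code and a log line for the zero-block case would make the failure diagnosable.
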
>
>
> I think it would be simpler to just check before the loop and limit
> 'blocks' based on the output buffer size.
>
> blocks = FFMIN(buf_size / 64, *data_size / NELLY_BLOCK_LEN);
> if (!blocks) {
>     av_log(avctx, AV_LOG_ERROR, "output buffer is too small\n");
>     return AVERROR(EINVAL);
> }
Seems fine. I will let you provide (or commit) a full patch as you have
already written the whole code.
Regards,
--
fenrir