avoids silently truncating the output
---
libavcodec/nellymoserdec.c | 6 +++++-
1 files changed, 5 insertions(+), 1 deletions(-)
diff --git a/libavcodec/nellymoserdec.c b/libavcodec/nellymoserdec.c
index ec045af..3812d78 100644
--- a/libavcodec/nellymoserdec.c
+++ b/libavcodec/nellymoserdec.c
@@ -176,8 +176,12 @@ static int decode_tag(AVCodecContext * avctx,
return buf_size;
}
block_size = NELLY_SAMPLES * av_get_bytes_per_sample(avctx->sample_fmt);
- blocks = FFMIN(buf_size / NELLY_BLOCK_LEN, *data_size / block_size);
+ blocks = buf_size / NELLY_BLOCK_LEN;
if (blocks <= 0) {
+ av_log(avctx, AV_LOG_ERROR, "Packet is too small\n");
+ return AVERROR_INVALIDDATA;
+ }
+ if (*data_size < blocks * block_size) {
av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
return AVERROR(EINVAL);
}
--
1.7.1
_______________________________________________
libav-devel mailing list
[email protected]
https://lists.libav.org/mailman/listinfo/libav-devel
