vlc | branch: master | Tristan Matthews <tma...@videolan.org> | Sat Sep 27 15:07:51 2014 -0400| [9ab9aa37080ed6e8d34717bdf416509c7e38bbf9] | committer: Tristan Matthews
twolame: avoid buffer overflow Refs #12298 > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=9ab9aa37080ed6e8d34717bdf416509c7e38bbf9 --- modules/codec/twolame.c | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/modules/codec/twolame.c b/modules/codec/twolame.c index 3257b76..b44647e 100644 --- a/modules/codec/twolame.c +++ b/modules/codec/twolame.c @@ -251,12 +251,24 @@ static int OpenEncoder( vlc_object_t *p_this ) ****************************************************************************/ static void Bufferize( encoder_t *p_enc, int16_t *p_in, int i_nb_samples ) { - int16_t *p_buffer = p_enc->p_sys->p_buffer - + (p_enc->p_sys->i_nb_samples - * p_enc->fmt_in.audio.i_channels); + encoder_sys_t *p_sys = p_enc->p_sys; + const unsigned i_offset = p_sys->i_nb_samples * p_enc->fmt_in.audio.i_channels; + const unsigned i_len = ARRAY_SIZE(p_sys->p_buffer); + + if( i_offset >= i_len ) + { + msg_Err( p_enc, "buffer full" ); + return; + } + + unsigned i_copy = i_nb_samples * p_enc->fmt_in.audio.i_channels; + if( i_copy + i_offset > i_len) + { + msg_Err( p_enc, "dropping samples" ); + i_copy = i_len - i_offset; + } - memcpy( p_buffer, p_in, i_nb_samples * p_enc->fmt_in.audio.i_channels - * sizeof(int16_t) ); + memcpy( p_sys->p_buffer + i_offset, p_in, i_copy * sizeof(int16_t) ); } static block_t *Encode( encoder_t *p_enc, block_t *p_aout_buf ) _______________________________________________ vlc-commits mailing list vlc-commits@videolan.org https://mailman.videolan.org/listinfo/vlc-commits
