Skip to content

F
ffmpeg
Commit 33684b9c authored by Justin Ruggles's avatar Justin Ruggles
Browse files
Options

atrac1: check output buffer size before decoding

parent 5c353eb8
Hide whitespace changes
Inline Side-by-side
Showing with 9 additions and 2 deletions
libavcodec/atrac1.c
View file @ 33684b9c
...@@ -276,7 +276,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data, ...@@ -276,7 +276,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
const uint8_t *buf = avpkt->data; const uint8_t *buf = avpkt->data;
int buf_size = avpkt->size; int buf_size = avpkt->size;
AT1Ctx *q = avctx->priv_data; AT1Ctx *q = avctx->priv_data;
int ch, ret, i; int ch, ret, i, out_size;
GetBitContext gb; GetBitContext gb;
float* samples = data; float* samples = data;
...@@ -286,6 +286,13 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data, ...@@ -286,6 +286,13 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
return -1; return -1;
} }
out_size = q->channels * AT1_SU_SAMPLES *
av_get_bytes_per_sample(avctx->sample_fmt);
if (*data_size < out_size) {
av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
return AVERROR(EINVAL);
}
for (ch = 0; ch < q->channels; ch++) { for (ch = 0; ch < q->channels; ch++) {
AT1SUCtx* su = &q->SUs[ch]; AT1SUCtx* su = &q->SUs[ch];
...@@ -318,7 +325,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data, ...@@ -318,7 +325,7 @@ static int atrac1_decode_frame(AVCodecContext *avctx, void *data,
} }
} }
*data_size = q->channels * AT1_SU_SAMPLES * sizeof(*samples); *data_size = out_size;
return avctx->block_align; return avctx->block_align;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment