[FFmpeg-cvslog] imc: check output buffer size before decoding

[Justin Ruggles]

ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Fri Oct 28 18:24:03 2011 -0400| [86962b13f6d26fee398e4f8264e676461da91dfe] | committer: Justin Ruggles

imc: check output buffer size before decoding

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=86962b13f6d26fee398e4f8264e676461da91dfe
---

 libavcodec/imc.c |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/imc.c b/libavcodec/imc.c
index 1a3eeaa..db388e3 100644
--- a/libavcodec/imc.c
+++ b/libavcodec/imc.c
@@ -651,7 +651,7 @@ static int imc_decode_frame(AVCodecContext * avctx,
     IMCContext *q = avctx->priv_data;
 
     int stream_format_code;
-    int imc_hdr, i, j;
+    int imc_hdr, i, j, out_size;
     int flag;
     int bits, summer;
     int counter, bitscount;
@@ -662,6 +662,12 @@ static int imc_decode_frame(AVCodecContext * avctx,
         return -1;
     }
 
+    out_size = COEFFS * av_get_bytes_per_sample(avctx->sample_fmt);
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     q->dsp.bswap16_buf(buf16, (const uint16_t*)buf, IMC_BLOCK_SIZE / 2);
 
     q->out_samples = data;
@@ -808,7 +814,7 @@ static int imc_decode_frame(AVCodecContext * avctx,
 
     imc_imdct256(q);
 
-    *data_size = COEFFS * sizeof(float);
+    *data_size = out_size;
 
     return IMC_BLOCK_SIZE;
 }