[FFmpeg-cvslog] shorten: check output buffer size before decoding

Justin Ruggles git at videolan.org
Fri Nov 4 13:22:23 CET 2011


ffmpeg | branch: release/0.8 | Justin Ruggles <justin.ruggles at gmail.com> | Fri Sep 16 18:01:28 2011 -0400| [b08001e00ac4be3dd586825d135b30bdf389d7b0] | committer: Michael Niedermayer

shorten: check output buffer size before decoding

Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=b08001e00ac4be3dd586825d135b30bdf389d7b0
---

 libavcodec/shorten.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/libavcodec/shorten.c b/libavcodec/shorten.c
index 8ebe033..0b9d420 100644
--- a/libavcodec/shorten.c
+++ b/libavcodec/shorten.c
@@ -481,6 +481,12 @@ static int shorten_decode_frame(AVCodecContext *avctx,
 
                     s->cur_chan++;
                     if (s->cur_chan == s->channels) {
+                        int out_size = s->blocksize * s->channels *
+                                       av_get_bytes_per_sample(avctx->sample_fmt);
+                        if (*data_size < out_size) {
+                            av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+                            return AVERROR(EINVAL);
+                        }
                         samples = interleave_buffer(samples, s->channels, s->blocksize, s->decoded);
                         s->cur_chan = 0;
                         goto frame_done;



More information about the ffmpeg-cvslog mailing list