[FFmpeg-cvslog] atrac3: check output buffer size before decoding

[Justin Ruggles]

ffmpeg | branch: master | Justin Ruggles <justin.ruggles at gmail.com> | Fri Oct 14 17:09:58 2011 -0400| [7e4881a2d074a7dfba7ee1990b3e17c9276f985d] | committer: Justin Ruggles

atrac3: check output buffer size before decoding

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=7e4881a2d074a7dfba7ee1990b3e17c9276f985d
---

 libavcodec/atrac3.c |   10 ++++++++--
 1 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/libavcodec/atrac3.c b/libavcodec/atrac3.c
index 8bd6adf..6828ff0 100644
--- a/libavcodec/atrac3.c
+++ b/libavcodec/atrac3.c
@@ -827,7 +827,7 @@ static int atrac3_decode_frame(AVCodecContext *avctx,
     const uint8_t *buf = avpkt->data;
     int buf_size = avpkt->size;
     ATRAC3Context *q = avctx->priv_data;
-    int result = 0;
+    int result = 0, out_size;
     const uint8_t* databuf;
     float *samples = data;
 
@@ -838,6 +838,12 @@ static int atrac3_decode_frame(AVCodecContext *avctx,
         return buf_size;
     }
 
+    out_size = 1024 * q->channels * av_get_bytes_per_sample(avctx->sample_fmt);
+    if (*data_size < out_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+        return AVERROR(EINVAL);
+    }
+
     /* Check if we need to descramble and what buffer to pass on. */
     if (q->scrambled_stream) {
         decode_bytes(buf, q->decoded_bytes_buffer, avctx->block_align);
@@ -858,7 +864,7 @@ static int atrac3_decode_frame(AVCodecContext *avctx,
         q->fmt_conv.float_interleave(samples, (const float **)q->outSamples,
                                      1024, 2);
     }
-    *data_size = 1024 * q->channels * av_get_bytes_per_sample(avctx->sample_fmt);
+    *data_size = out_size;
 
     return avctx->block_align;
 }