[FFmpeg-cvslog] mpc7: fix handling of last frame

Michael Niedermayer git at videolan.org
Sat Jun 2 23:50:32 CEST 2012


ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat Jun  2 23:43:31 2012 +0200| [e95233789c08f55c0b2d0657bada609629a59294] | committer: Michael Niedermayer

mpc7: fix handling of last frame

Fixes heap buffer overflow
Fixes ticket1393

Found-by: Piotr Bandurski <ami_stuff at o2.pl>
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>

> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e95233789c08f55c0b2d0657bada609629a59294
---

 libavcodec/mpc7.c |    4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libavcodec/mpc7.c b/libavcodec/mpc7.c
index 14abff4..0a45826 100644
--- a/libavcodec/mpc7.c
+++ b/libavcodec/mpc7.c
@@ -228,7 +228,7 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
     buf_size  -= 4;
 
     /* get output buffer */
-    c->frame.nb_samples = last_frame ? c->lastframelen : MPC_FRAME_SIZE;
+    c->frame.nb_samples = MPC_FRAME_SIZE;
     if ((ret = avctx->get_buffer(avctx, &c->frame)) < 0) {
         av_log(avctx, AV_LOG_ERROR, "get_buffer() failed\n");
         return ret;
@@ -298,6 +298,8 @@ static int mpc7_decode_frame(AVCodecContext * avctx, void *data,
             idx_to_quant(c, &gb, bands[i].res[ch], c->Q[ch] + off);
 
     ff_mpc_dequantize_and_synth(c, mb, c->frame.data[0], 2);
+    if(last_frame)
+        c->frame.nb_samples = c->lastframelen;
 
     bits_used = get_bits_count(&gb);
     bits_avail = buf_size * 8;



More information about the ffmpeg-cvslog mailing list