[FFmpeg-cvslog] avcodec/s302menc: check if buf_size can actually be put into 16bit size
Paul B Mahol
git at videolan.org
Sun Dec 20 16:11:54 CET 2015
ffmpeg | branch: master | Paul B Mahol <onemda at gmail.com> | Sat Dec 19 21:52:19 2015 +0100| [db6e337b41fce401e67daa2f05fbe0663f825240] | committer: Paul B Mahol
avcodec/s302menc: check if buf_size can actually be put into 16bit size
This disallows creating unplayable audio.
Signed-off-by: Paul B Mahol <onemda at gmail.com>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=db6e337b41fce401e67daa2f05fbe0663f825240
---
libavcodec/s302menc.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/libavcodec/s302menc.c b/libavcodec/s302menc.c
index 3706eba..c703e9a 100644
--- a/libavcodec/s302menc.c
+++ b/libavcodec/s302menc.c
@@ -78,6 +78,11 @@ static int s302m_encode2_frame(AVCodecContext *avctx, AVPacket *avpkt,
uint8_t *o;
PutBitContext pb;
+ if (buf_size - AES3_HEADER_LEN > UINT16_MAX) {
+ av_log(avctx, AV_LOG_ERROR, "number of samples in frame too big\n");
+ return AVERROR(EINVAL);
+ }
+
if ((ret = ff_alloc_packet2(avctx, avpkt, buf_size, 0)) < 0)
return ret;
More information about the ffmpeg-cvslog
mailing list