[FFmpeg-devel] [PATCH] check input/output buffer size in dpcm decoders
Kostya
kostya.shishkov
Sun Sep 16 07:44:52 CEST 2007
$subj
Maybe this will help my patch on decode_audio2() get applied.
-------------- next part --------------
Index: libavcodec/dpcm.c
===================================================================
--- libavcodec/dpcm.c (revision 10503)
+++ libavcodec/dpcm.c (working copy)
@@ -173,6 +173,10 @@
if (!buf_size)
return 0;
+ // almost every DPCM variant expands one byte of data into two
+ if(*data_size/2 < buf_size)
+ return -1;
+
switch(avctx->codec->id) {
case CODEC_ID_ROQ_DPCM:
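Review bot: the comment above the new check says "almost every DPCM variant" without naming the variants that expand an input byte into more than two output bytes, so a reader cannot tell from this check alone whether every case in the switch below is covered. Name the exceptions in the comment and point to where they do their own check. Writing the comparison as a division (*data_size/2 < buf_size) avoids overflowing buf_size*2 and is worth keeping; the comment should also state the unit *data_size is counted in. Two smaller points: the surrounding code writes "if (" with a space, as in "if (!buf_size)", and the bare "return -1" tells the caller nothing about why decoding failed, so an av_log() error before it would help.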
@@ -256,6 +260,8 @@
case CODEC_ID_SOL_DPCM:
in = 0;
if (avctx->codec_tag != 3) {
+ if(*data_size/4 < buf_size)
+ return -1;
while (in < buf_size) {
int n1, n2;
n1 = (buf[in] >> 4) & 0xF;
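Review bot: the /4 check added inside the "codec_tag != 3" branch has no comment explaining the factor, unlike the /2 check added earlier in the patch. Judging by the loop, each input byte is split into nibbles (n1, n2), so it presumably yields two output samples; say so in a comment so the factor of 4 can be verified against the sample size. The other side of this branch gets no check of its own in this hunk and relies on the generic /2 check before the switch, which deserves a short note as well. Style: "if(" should be "if (" to match the "if (avctx->codec_tag != 3) {" line just above it.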