check the validity of the amount of the remaining bytes in the bitsteam before memcpy

Originally committed as revision 6105 to svn://svn.ffmpeg.org/ffmpeg/trunk

check the validity of the amount of the remaining bytes in the bitsteam before memcpy
Originally committed as revision 6105 to svn://svn.ffmpeg.org/ffmpeg/trunk
39b434c6 · Michael Niedermayer · 716d73b4 · 39b434c6
Commit 39b434c6 authored Aug 27, 2006 by Michael Niedermayer
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

mpegaudiodec.c libavcodec/mpegaudiodec.c +4 -1

No files found.
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -2522,7 +2522,10 @@ static int mp_decode_frame(MPADecodeContext *s,
        align_get_bits(&s->gb);
        assert((get_bits_count(&s->gb) & 7) == 0);
        s->last_buf_size= (s->gb.size_in_bits - get_bits_count(&s->gb))>>3;
-        memcpy(s->last_buf, s->gb.buffer + (get_bits_count(&s->gb)>>3), s->last_buf_size);
+        if(s->last_buf_size <0 || s->last_buf_size > BACKSTEP_SIZE || nb_frames<0)
+            s->last_buf_size= FFMIN(BACKSTEP_SIZE, buf_size - HEADER_SIZE);
+        assert(s->last_buf_size <= buf_size - HEADER_SIZE);
+        memcpy(s->last_buf, s->gb.buffer + buf_size - HEADER_SIZE - s->last_buf_size, s->last_buf_size);

        break;
    }