Check output buffer size before decoding.

Originally committed as revision 15257 to svn://svn.ffmpeg.org/ffmpeg/trunk

Check output buffer size before decoding.
Originally committed as revision 15257 to svn://svn.ffmpeg.org/ffmpeg/trunk
42fe17a0 · Vitor Sessak · d636f0cc · 42fe17a0
Commit 42fe17a0 authored Sep 07, 2008 by Vitor Sessak
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 0 deletions

mace.c libavcodec/mace.c +10 -0

No files found.
--- a/libavcodec/mace.c
+++ b/libavcodec/mace.c
@@ -235,6 +235,11 @@ static int mace3_decode_frame(AVCodecContext *avctx,
    MACEContext *ctx = avctx->priv_data;
    int i, j, k;
+    if (*data_size < 2 * 3 * buf_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer too small!\n");
+        return -1;
+    }
    for(i = 0; i < avctx->channels; i++) {
        int16_t *output = samples + i;
@@ -266,6 +271,11 @@ static int mace6_decode_frame(AVCodecContext *avctx,
    MACEContext *ctx = avctx->priv_data;
    int i, j;
+    if (*data_size < 2 * 6 * buf_size) {
+        av_log(avctx, AV_LOG_ERROR, "Output buffer too small!\n");
+        return -1;
+    }
    for(i = 0; i < avctx->channels; i++) {
        int16_t *output = samples + i;