Commit 57c0da6f authored by Michael Niedermayer

smacker: sanity check audio size.

Fixes excessive memory allocation
Fixes Ticket1892
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
parent 014058ab
...@@ -608,6 +608,11 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data, ...@@ -608,6 +608,11 @@ static int smka_decode_frame(AVCodecContext *avctx, void *data,
unp_size = AV_RL32(buf); unp_size = AV_RL32(buf);
if (unp_size > (1U<<24)) {
av_log(avctx, AV_LOG_ERROR, "packet is too big\n");
return AVERROR_INVALIDDATA;
}
init_get_bits(&gb, buf + 4, (buf_size - 4) * 8); init_get_bits(&gb, buf + 4, (buf_size - 4) * 8);
if(!get_bits1(&gb)){ if(!get_bits1(&gb)){
......
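Review bot: The bound `1U<<24` in the added `if (unp_size > (1U<<24))` check is an unexplained magic number, and the log text "packet is too big" describes the packet although the value tested is `unp_size`, the unpacked size read from the stream by `AV_RL32(buf)`. A named constant with a short comment on why 16 MiB is the ceiling, plus a message that names the unpacked size and logs its value, would make a rejected file much easier to triage. The visible context also does not show a lower bound on `buf_size` ahead of `AV_RL32(buf)` and `(buf_size - 4) * 8`; it is worth confirming that one exists above this hunk, since the new check only caps the declared size from above.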