Commit 754ebd1a authored by Justin Ruggles's avatar Justin Ruggles

adxenc: check output buffer size before writing

parent 1fb47728
...@@ -87,6 +87,9 @@ static int adx_encode_header(AVCodecContext *avctx, uint8_t *buf, int bufsize) ...@@ -87,6 +87,9 @@ static int adx_encode_header(AVCodecContext *avctx, uint8_t *buf, int bufsize)
{ {
ADXContext *c = avctx->priv_data; ADXContext *c = avctx->priv_data;
if (bufsize < HEADER_SIZE)
return AVERROR(EINVAL);
bytestream_put_be16(&buf, 0x8000); /* header signature */ bytestream_put_be16(&buf, 0x8000); /* header signature */
bytestream_put_be16(&buf, HEADER_SIZE - 4); /* copyright offset */ bytestream_put_be16(&buf, HEADER_SIZE - 4); /* copyright offset */
bytestream_put_byte(&buf, 3); /* encoding */ bytestream_put_byte(&buf, 3); /* encoding */
...@@ -140,10 +143,19 @@ static int adx_encode_frame(AVCodecContext *avctx, uint8_t *frame, ...@@ -140,10 +143,19 @@ static int adx_encode_frame(AVCodecContext *avctx, uint8_t *frame,
int ch; int ch;
if (!c->header_parsed) { if (!c->header_parsed) {
int hdrsize = adx_encode_header(avctx, dst, buf_size); int hdrsize;
dst += hdrsize; if ((hdrsize = adx_encode_header(avctx, dst, buf_size)) < 0) {
av_log(avctx, AV_LOG_ERROR, "output buffer is too small\n");
return AVERROR(EINVAL);
}
dst += hdrsize;
buf_size -= hdrsize;
c->header_parsed = 1; c->header_parsed = 1;
} }
if (buf_size < BLOCK_SIZE * avctx->channels) {
av_log(avctx, AV_LOG_ERROR, "output buffer is too small\n");
return AVERROR(EINVAL);
}
for (ch = 0; ch < avctx->channels; ch++) { for (ch = 0; ch < avctx->channels; ch++) {
adx_encode(c, dst, samples + ch, &c->prev[ch], avctx->channels); adx_encode(c, dst, samples + ch, &c->prev[ch], avctx->channels);
......
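Review bot: In the second hunk (adx_encode_frame), the header failure path throws away the code returned by adx_encode_header() and hard-codes `AVERROR(EINVAL)`, and both new error paths log the identical string, so a log line cannot tell a header-size failure from a frame-size failure or show how short the buffer was. I would propagate the callee's value with `return hdrsize;` and put the sizes in the frame message, e.g. `av_log(avctx, AV_LOG_ERROR, "output buffer is too small: %d < %d\n", buf_size, BLOCK_SIZE * avctx->channels);`. The frame check also depends on avctx->channels being bounded elsewhere, presumably at init, which this view does not show. Both functions continue outside the hunks, so whether adx_encode_header() writes and returns exactly HEADER_SIZE bytes, which the new `bufsize < HEADER_SIZE` guard assumes, could not be confirmed here.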