Commit 895d258e authored by Michael Niedermayer's avatar Michael Niedermayer

qdm2dec: fix buffer overflow.

Fixes NGS00144

Thanks to Phillip for suggestions to improve the patch.
Found-by: Phillip Langlois
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 919c00ba
......@@ -170,7 +170,7 @@ typedef struct {
/// I/O data
const uint8_t *compressed_data;
int compressed_size;
float output_buffer[QDM2_MAX_FRAME_SIZE * 2];
float output_buffer[QDM2_MAX_FRAME_SIZE * MPA_MAX_CHANNELS * 2];
/// Synthesis filter
MPADSPContext mpadsp;
......@@ -1896,6 +1896,9 @@ static int qdm2_decode (QDM2Context *q, const uint8_t *in, int16_t *out)
int ch, i;
const int frame_size = (q->frame_size * q->channels);
if((unsigned)frame_size > FF_ARRAY_ELEMS(q->output_buffer)/2)
return -1;
/* select input buffer */
q->compressed_data = in;
q->compressed_size = q->checksum_size;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment