Commit 8dfb13ea authored by Michael Niedermayer's avatar Michael Niedermayer

adxdec: Check available space before decoding block.

Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: 's avatarMichael Niedermayer <michaelni@gmx.at>
parent 6d24fe2c
...@@ -100,6 +100,7 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data, ...@@ -100,6 +100,7 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data,
ADXContext *c = avctx->priv_data; ADXContext *c = avctx->priv_data;
int16_t *samples; int16_t *samples;
const uint8_t *buf = avpkt->data; const uint8_t *buf = avpkt->data;
const uint8_t *buf_end = buf + avpkt->size;
int num_blocks, ch, ret; int num_blocks, ch, ret;
if (c->eof) { if (c->eof) {
...@@ -148,7 +149,7 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data, ...@@ -148,7 +149,7 @@ static int adx_decode_frame(AVCodecContext *avctx, void *data,
while (num_blocks--) { while (num_blocks--) {
for (ch = 0; ch < c->channels; ch++) { for (ch = 0; ch < c->channels; ch++) {
if (adx_decode(c, samples + ch, buf, ch)) { if (buf_end - buf < BLOCK_SIZE || adx_decode(c, samples + ch, buf, ch)) {
c->eof = 1; c->eof = 1;
buf = avpkt->data + avpkt->size; buf = avpkt->data + avpkt->size;
break; break;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment