Commit c426562c authored by Pascal Massimino's avatar Pascal Massimino

add some buffer checks

Originally committed as revision 24184 to svn://svn.ffmpeg.org/ffmpeg/trunk
parent 42859ddb
...@@ -172,6 +172,10 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext, ...@@ -172,6 +172,10 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext,
* not, apparently the end of stream decision is in libogg. */ * not, apparently the end of stream decision is in libogg. */
if(op.bytes==1 && op.e_o_s) if(op.bytes==1 && op.e_o_s)
continue; continue;
if (context->buffer_index + sizeof(ogg_packet) + op.bytes > BUFFER_SIZE) {
av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow.");
return -1;
}
memcpy(context->buffer + context->buffer_index, &op, sizeof(ogg_packet)); memcpy(context->buffer + context->buffer_index, &op, sizeof(ogg_packet));
context->buffer_index += sizeof(ogg_packet); context->buffer_index += sizeof(ogg_packet);
memcpy(context->buffer + context->buffer_index, op.packet, op.bytes); memcpy(context->buffer + context->buffer_index, op.packet, op.bytes);
...@@ -189,6 +193,11 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext, ...@@ -189,6 +193,11 @@ static int oggvorbis_encode_frame(AVCodecContext *avccontext,
avccontext->coded_frame->pts= av_rescale_q(op2->granulepos, (AVRational){1, avccontext->sample_rate}, avccontext->time_base); avccontext->coded_frame->pts= av_rescale_q(op2->granulepos, (AVRational){1, avccontext->sample_rate}, avccontext->time_base);
//FIXME we should reorder the user supplied pts and not assume that they are spaced by 1/sample_rate //FIXME we should reorder the user supplied pts and not assume that they are spaced by 1/sample_rate
if (l > buf_size) {
av_log(avccontext, AV_LOG_ERROR, "libvorbis: buffer overflow.");
return -1;
}
memcpy(packets, op2->packet, l); memcpy(packets, op2->packet, l);
context->buffer_index -= l + sizeof(ogg_packet); context->buffer_index -= l + sizeof(ogg_packet);
memmove(context->buffer, context->buffer + l + sizeof(ogg_packet), context->buffer_index); memmove(context->buffer, context->buffer + l + sizeof(ogg_packet), context->buffer_index);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment