apedec: use unsigned int for 'nblocks' and make sure that it's within int range

author Justin Ruggles <justin.ruggles@gmail.com>

Tue, 11 Oct 2011 17:17:44 +0000 (13:17 -0400)

committer Justin Ruggles <justin.ruggles@gmail.com>

Fri, 28 Oct 2011 15:47:27 +0000 (11:47 -0400)
author Justin Ruggles <justin.ruggles@gmail.com>
Tue, 11 Oct 2011 17:17:44 +0000 (13:17 -0400)
committer Justin Ruggles <justin.ruggles@gmail.com>
Fri, 28 Oct 2011 15:47:27 +0000 (11:47 -0400)
diff --git a/libavcodec/apedec.c b/libavcodec/apedec.c

index a741c7d..f6ec470 100644 (file)
--- a/libavcodec/apedec.c
+++ b/libavcodec/apedec.c
@@ -812,7 +812,7 @@ static int ape_decode_frame(AVCodecContext *avctx,
      int buf_size = avpkt->size;
      APEContext *s = avctx->priv_data;
      int16_t *samples = data;
-    int nblocks;
+    uint32_t nblocks;
      int i, n;
      int blockstodecode;
      int bytes_used;
@@ -843,9 +843,9 @@ static int ape_decode_frame(AVCodecContext *avctx,
  
          s->currentframeblocks = nblocks;
          buf += 4;
-        if (nblocks <= 0) {
-            *data_size = 0;
-            return buf_size;
+        if (!nblocks || nblocks > INT_MAX) {
+            av_log(avctx, AV_LOG_ERROR, "Invalid sample count: %u.\n", nblocks);
+            return AVERROR_INVALIDDATA;
          }
          s->samples = nblocks;
author	Justin Ruggles <justin.ruggles@gmail.com>
	Tue, 11 Oct 2011 17:17:44 +0000 (13:17 -0400)
committer	Justin Ruggles <justin.ruggles@gmail.com>
	Fri, 28 Oct 2011 15:47:27 +0000 (11:47 -0400)