shorten: check output buffer size before decoding
authorJustin Ruggles <justin.ruggles@gmail.com>
Fri, 16 Sep 2011 22:01:28 +0000 (18:01 -0400)
committerJustin Ruggles <justin.ruggles@gmail.com>
Thu, 20 Oct 2011 17:09:26 +0000 (13:09 -0400)
libavcodec/shorten.c

index ec50fc1..8031758 100644 (file)
@@ -550,9 +550,15 @@ static int shorten_decode_frame(AVCodecContext *avctx,
             /* if this is the last channel in the block, output the samples */
             s->cur_chan++;
             if (s->cur_chan == s->channels) {
+                int out_size = s->blocksize * s->channels *
+                               av_get_bytes_per_sample(avctx->sample_fmt);
+                if (*data_size < out_size) {
+                    av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+                    return AVERROR(EINVAL);
+                }
                 samples = interleave_buffer(samples, s->channels, s->blocksize, s->decoded);
                 s->cur_chan = 0;
-                *data_size = (int8_t *)samples - (int8_t *)data;
+                *data_size = out_size;
             } else {
                 *data_size = 0;
             }
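Review bot: The new `out_size` is computed as an `int` product of `s->blocksize`, `s->channels` and the sample width, so the size check is only as good as the bounds on those fields. If they are not tightly limited where the header is parsed (not visible in this hunk), the multiplication can overflow, and a wrapped small or negative `out_size` would pass `*data_size < out_size` just before `interleave_buffer` writes to `samples`. Doing the arithmetic in 64 bits closes that gap: `int64_t out_size = (int64_t)s->blocksize * s->channels * av_get_bytes_per_sample(avctx->sample_fmt);`, keeping the existing comparison, which then guarantees the value fits the `int` stored by `*data_size = out_size;`. A short comment such as `/* bytes written by interleave_buffer() below */` on the declaration would also record why the check sits in the last-channel branch. `shorten_decode_frame` starts and ends outside this hunk, so any earlier validation of `blocksize` and `channels` should be confirmed there.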