fix exploitable buffer overflow

Originally committed as revision 8850 to svn://svn.ffmpeg.org/ffmpeg/trunk

diff --git a/libavcodec/dca.c b/libavcodec/dca.c
index a547007..1c040e2 100644 (file)
--- a/libavcodec/dca.c
+++ b/libavcodec/dca.c
@@ -1089,6 +1089,9 @@ static int dca_convert_bitstream(uint8_t * src, int src_size, uint8_t * dst,
     uint16_t *ssrc = (uint16_t *) src, *sdst = (uint16_t *) dst;
     PutBitContext pb;
 
+    if((unsigned)src_size > (unsigned)max_size)
+        return -1;
+
     mrk = AV_RB32(src);
     switch (mrk) {
     case DCA_MARKER_RAW_BE: