This makes the check that avoids overwrite of the samples array actually
work properly.
fixes CVE-2012-0848
CC: libav-stable@libav.org
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
Signed-off-by: Justin Ruggles <justin.ruggles@gmail.com>
/* make sure we don't write past the output buffer */
switch (code) {
- case 0: smp = 4; break;
- case 1: smp = 2; break;
+ case 0: smp = 4 * (count + 1); break;
+ case 1: smp = 2 * (count + 1); break;
case 2: smp = (count & 0x20) ? 1 : count + 1; break;
default: smp = count + 1; break;
}