projects / platform / upstream / libav.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0f943ce)
TTA : Check if the output buffer size is within bounds.
authorJai Menon <jmenon86@gmail.com>
Sun, 28 Mar 2010 17:17:48 +0000 (17:17 +0000)
committerJai Menon <jmenon86@gmail.com>
Sun, 28 Mar 2010 17:17:48 +0000 (17:17 +0000)
Fixes issue 1848.

Originally committed as revision 22711 to svn://svn.ffmpeg.org/ffmpeg/trunk

libavcodec/tta.c patch | blob | history

diff --git a/libavcodec/tta.c b/libavcodec/tta.c
index 7dd4cc5..61ac287 100644 (file)
--- a/libavcodec/tta.c
+++ b/libavcodec/tta.c
@@ -302,6 +302,10 @@ static int tta_decode_frame(AVCodecContext *avctx,
         int cur_chan = 0, framelen = s->frame_length;
         int32_t *p;
 
+        if (*data_size < (framelen * s->channels * 2)) {
+            av_log(avctx, AV_LOG_ERROR,"Output buffer size is too small.\n");
+            return -1;
+        }
         // FIXME: seeking
         s->total_frames--;
         if (!s->total_frames && s->last_frame_length)
Domain: Multimedia / Media Content;