Heap buffer overflow.

git-svn-id: file:///var/local/repositories/ffmpeg/trunk@13051 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

Heap buffer overflow.
git-svn-id: file:///var/local/repositories/ffmpeg/trunk@13051 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
ae882e2f · michael · 5950179e · ae882e2f
Commit ae882e2f authored May 03, 2008 by michael
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

libavcodec/alac.c libavcodec/alac.c +5 -1

No files found.
--- a/libavcodec/alac.c
+++ b/libavcodec/alac.c
@@ -405,7 +405,7 @@ static int alac_decode_frame(AVCodecContext *avctx,
    ALACContext *alac = avctx->priv_data;
    int channels;
-    int32_t outputsamples;
+    unsigned int outputsamples;
    int hassize;
    int readsamplesize;
    int wasted_bytes;
@@ -458,6 +458,10 @@ static int alac_decode_frame(AVCodecContext *avctx,
    if (hassize) {
        /* now read the number of samples as a 32bit integer */
        outputsamples = get_bits(&alac->gb, 32);
+        if(outputsamples > alac->setinfo_max_samples_per_frame){
+            av_log(avctx, AV_LOG_ERROR, "outputsamples %d > %d\n", outputsamples, alac->setinfo_max_samples_per_frame);
+            return -1;
+        }
    } else
        outputsamples = alac->setinfo_max_samples_per_frame;