check the validity of the amount of the remaining bytes in the bitsteam before memcpy

git-svn-id: file:///var/local/repositories/ffmpeg/trunk@6105 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b

check the validity of the amount of the remaining bytes in the bitsteam before memcpy
git-svn-id: file:///var/local/repositories/ffmpeg/trunk@6105 9553f0bf-9b14-0410-a0b8-cfaf0461ba5b
b5df2630 · michael · f3f56c41 · b5df2630
Commit b5df2630 authored Aug 27, 2006 by michael
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

libavcodec/mpegaudiodec.c libavcodec/mpegaudiodec.c +4 -1

No files found.
--- a/libavcodec/mpegaudiodec.c
+++ b/libavcodec/mpegaudiodec.c
@@ -2522,7 +2522,10 @@ static int mp_decode_frame(MPADecodeContext *s,
        align_get_bits(&s->gb);
        assert((get_bits_count(&s->gb) & 7) == 0);
        s->last_buf_size= (s->gb.size_in_bits - get_bits_count(&s->gb))>>3;
-        memcpy(s->last_buf, s->gb.buffer + (get_bits_count(&s->gb)>>3), s->last_buf_size);
+        if(s->last_buf_size <0 || s->last_buf_size > BACKSTEP_SIZE || nb_frames<0)
+            s->last_buf_size= FFMIN(BACKSTEP_SIZE, buf_size - HEADER_SIZE);
+        assert(s->last_buf_size <= buf_size - HEADER_SIZE);
+        memcpy(s->last_buf, s->gb.buffer + buf_size - HEADER_SIZE - s->last_buf_size, s->last_buf_size);
        break;
    }