shorten: check output buffer size before decoding
authorJustin Ruggles <justin.ruggles@gmail.com>
Fri, 16 Sep 2011 22:01:28 +0000 (18:01 -0400)
committerMichael Niedermayer <michaelni@gmx.at>
Fri, 4 Nov 2011 00:30:29 +0000 (01:30 +0100)
Signed-off-by: Michael Niedermayer <michaelni@gmx.at>
libavcodec/shorten.c

index 8ebe033..0b9d420 100644 (file)
@@ -481,6 +481,12 @@ static int shorten_decode_frame(AVCodecContext *avctx,
 
                     s->cur_chan++;
                     if (s->cur_chan == s->channels) {
+                        int out_size = s->blocksize * s->channels *
+                                       av_get_bytes_per_sample(avctx->sample_fmt);
+                        if (*data_size < out_size) {
+                            av_log(avctx, AV_LOG_ERROR, "Output buffer is too small\n");
+                            return AVERROR(EINVAL);
+                        }
                         samples = interleave_buffer(samples, s->channels, s->blocksize, s->decoded);
                         s->cur_chan = 0;
                         goto frame_done;